Classic Vulnerabilities

Explore the rich history of native exploitation and classic vulnerabilities in this NDC Security 2022 conference talk by Patricia Aas. Delve into decades-old vulnerabilities and exploitation techniques that continue to surface in recent years. Learn how modern tooling equips us to find and fix these "classic" vulnerabilities. Examine specific examples from the past, including memory allocation issues, Android IPC vulnerabilities, and use-after-free exploits. Discover how undefined behavior and compiler optimizations can lead to security risks. Gain insights into recent CVEs and their connections to long-standing security challenges. Understand the importance of cross-pollination in security knowledge and the ongoing relevance of heap overflow vulnerabilities in today's software landscape.

Introduction
Living in the future
Systems programming vs binary exploitation
Patricia Aas
Back in time
Back in 2000
Example
Memory Allocation
Free Function
Typical Unlinking
Basic Insight
Bad Binder
Android IPC
Googles Response
Config Debug List
Use After Free
Overwrite Address Limits
Address Sanitizer
Frack Magazine
Undefined Behavior
CV 201716
CV 201717
CV 201718
CV 2021
CV 2010 Code
Format Streams 2010
Apple iOS 2021
Compilers
Crosspollination
Heap Overflow