Confidence - (24-25.05 2011 Krakow)
Language: polski | engish

Chris Valasek

Chris Valasek is the Senior Research Scientist for Accuvant LABS. His focus on original research in areas such as vulnerability discovery, exploitation techniques and reverse engineering has allowed him to contribute massive results to the community in these niche areas. While Chris is best known for his publications regarding the Microsoft Windows Heap, his research has broken new ground in areas such as vulnerability discovery, exploitation techniques, reverse engineering, source code and binary auditing, and protocol analysis. Chris’ most recent major speaking engagements include “Understanding the Low Fragmentation Heap” (Black Hat USA 2010 / EkoParty 2010), “Defenseless in Depth” (BayThreat 2011) and “Exploitation in the Modern Era (aka. The Blueprint)” (Blackhat Europe 2011).

Topic of Presentation:
Modern Heap Exploitation using the Low Fragmentation Heap

Language:
English

Abstract:
Exploit mitigation technologies have made reliable heap exploitation increasingly difficult since the inception of the 4-byte over write, over ten years ago. At the same time, applications needed to become more stable without using absurd amounts of memory (Who doesn’t keep their web browser with multiple tabs open for days?). Heap memory management has matured over time, but with complex new code comes new opportunity for exploitation.

This presentation will focus on understanding the Low Fragmentation heap on Windows 7 (32-bit). After a foundation of integral concepts is laid, new exploitation techniques will be thoroughly discussed. Finally, we will use this new found knowledge to leverage supposed non-exploitable vulnerabilities. Specifically we will cover a case study showing how to craft an exploit for the IIS FTP 7.5 denial of service (http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx), resulting in full control of EIP.

We hope to see you there! http://illmatics.com/FTPOwned.PNG