Bonus Session Registration

Advanced Exploit Writing: Use-After-Free Vulnerabilities

• Stephen Sims, SANS Senior Instructor
• Thursday, March 13th, 5:45pm - 7:30pm

We are pleased to acknowledge the Association of Information Security Professionals (AISP) as the co-sponsor of the following special presentation.

Attendance at this event is free of charge however seating is limited and will be allocated on a first-registered basis. Please register by clicking on the *Get Registered* link below.

17:45-18:30 Registration

18:30-19:30 Presentation

Use-After-Free vulnerabilities are responsible for the majority of browser-based (client-side) attacks On the Windows OS. In April, 2013, a Use-After-Free vulnerability was being exploited as part of an attack affecting the US Department of Labor website. We will walk through this vulnerability through exploitation, using modern techniques to bypass exploit mitigation controls and performing patch diffing to identify the flaw.

Presenter Bio:

Stephen Sims, SANS Senior Instructor

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC710: Advanced Exploit Development, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications.

Stephen will be teaching SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking at the SANS Secure Singapore event.