Last Week for OnDemand Special Offer: iPad Air w/ Smart KB, Surface Go, or $300 Off

London June 2018

London, United Kingdom | Mon, Jun 4 - Tue, Jun 12, 2018
This event is over,
but there are more training opportunities.

Weaponizing Memory Leak Bugs

  • Stephen Sims
  • Monday, June 4th, 7:00pm - 8:00pm

Modern browsers participate in various exploit mitigations, often making it very difficult to exploit a discovered vulnerability. One of the most troublesome mitigations is Address Space Layout Randomisation (ASLR). This control changes the layout of memory each time a process is started or the system is rebooted, removing any address predictability often desired by an attacker. Memory leak bugs can allow an attacker visibility into the affected process, rendering ASLR useless. Join Stephen for this advanced talk where he'll demonstrate weaponizing a memory leak bug affecting Internet Explorer 11 or Edge. This will include triggering the bug, followed by walking through it in a debugger, and finally weaponizing it to aid in exploitation of the browser.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, June 4
Session Speaker Time Type
So, You Wanna Be a Pentester? Adrien de Beaupre Monday, June 4th, 6:00pm - 7:00pm SANS@Night
Weaponizing Memory Leak Bugs Stephen Sims Monday, June 4th, 7:00pm - 8:00pm SANS@Night
Tuesday, June 5
Session Speaker Time Type
Danger Stewards - Measuring Risk and Predicting the Future for Fun and Profit Doc Blackburn Tuesday, June 5th, 6:00pm - 7:00pm SANS@Night
The Forensic World of Windows 10 Updates Alissa Torres Tuesday, June 5th, 7:00pm - 8:00pm SANS@Night