Last Chance: MacBook Air, Dell XPS 13 or $600 off with SANS Online Training Ends December 7

Secure Singapore 2014

Singapore, Singapore | Mon, Mar 10 - Sat, Mar 15, 2014
This event is over,
but there are more training opportunities.

Advanced Exploit Writing: Use-After-Free Vulnerabilities

  • Stephen Sims, SANS Senior Instructor
  • Thursday, March 13th, 5:45pm - 7:30pm

We are pleased to acknowledge the Association of Information Security Professionals (AISP) as the co-sponsor of the following special presentation.

Attendance at this event is free of charge however seating is limited and will be allocated on a first-registered basis. Please register by clicking on the *Get Registered* link below.

17:45-18:30 Registration

18:30-19:30 Presentation

Use-After-Free vulnerabilities are responsible for the majority of browser-based (client-side) attacks On the Windows OS. In April, 2013, a Use-After-Free vulnerability was being exploited as part of an attack affecting the US Department of Labor website. We will walk through this vulnerability through exploitation, using modern techniques to bypass exploit mitigation controls and performing patch diffing to identify the flaw.

Presenter Bio:

Stephen Sims, SANS Senior Instructor

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC710: Advanced Exploit Development, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications.

Stephen will be teaching SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking at the SANS Secure Singapore event.

 

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, March 11
Session Speaker Time Type
Incident Response and Forensics In The Cloud Paul Henry, SANS Senior Instructor Tuesday, March 11th, 7:15pm - 9:00pm SANS@Night
Thursday, March 13
Session Speaker Time Type
Advanced Exploit Writing: Use-After-Free Vulnerabilities Stephen Sims, SANS Senior Instructor Thursday, March 13th, 5:45pm - 7:30pm SANS@Night