Advanced Exploit Writing: Use-After-Free Vulnerabilities
- Stephen Sims, SANS Senior Instructor
- Thursday, March 13th, 5:45pm - 7:30pm
We are pleased to acknowledge the Association of Information Security Professionals (AISP) as the co-sponsor of the following special presentation.
Attendance at this event is free of charge however seating is limited and will be allocated on a first-registered basis. Please register by clicking on the *Get Registered* link below.
Use-After-Free vulnerabilities are responsible for the majority of browser-based (client-side) attacks On the Windows OS. In April, 2013, a Use-After-Free vulnerability was being exploited as part of an attack affecting the US Department of Labor website. We will walk through this vulnerability through exploitation, using modern techniques to bypass exploit mitigation controls and performing patch diffing to identify the flaw.
Stephen Sims, SANS Senior Instructor
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC710: Advanced Exploit Development, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications.
Stephen will be teaching SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking at the SANS Secure Singapore event.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
|Incident Response and Forensics In The Cloud||Paul Henry, SANS Senior Instructor||Tuesday, March 11th, 7:15pm - 9:00pm||SANS@Night|
|Advanced Exploit Writing: Use-After-Free Vulnerabilities||Stephen Sims, SANS Senior Instructor||Thursday, March 13th, 5:45pm - 7:30pm||SANS@Night|