Weaponizing Browser-Based Memory Leak Bugs - Stephen Sims
- Thursday, August 23rd, 2018 at 3:30 PM EST (19:30:00 UTC)
- Stephen Sims
You can now attend the webcast using your mobile device!
Overview
Modern browsers participate in various exploit mitigations, often making it very difficult to exploit a discovered vulnerability. One of the most troublesome mitigations is Address Space Layout Randomization (ASLR). This control changes the layout of memory each time a process is started or the system is rebooted, removing any address predictability often desired by an attacker. Memory leak bugs can allow an attacker visibility into the affected process, rendering ASLR useless. Join Stephen for this advanced talk where he'll demonstrate weaponizing a memory leak bug affecting Internet Explorer 11 or Edge. This will include a summary of the relative bug class, triggering the bug, followed by walking through it in a debugger, and finally weaponizing it to aid in exploitation of the browser.
Stephen Sims is the lead course author of our advanced penetration testing and exploit writing and development courses, SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking and SEC760: Advanced Exploit Development for Penetration Testers
Speaker Bio
Stephen Sims
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking and co-author of SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.
Need Help? Visit our FAQ page or email webcast-support@sans.org.
Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.
