(un)Smashing the Stack: Overflows, Countermeasures, and the Real World

Presented at DEF CON 15 (2007), Aug. 4, 2007, 6 p.m. (50 minutes)

As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSDs either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know them, right? Sorry, thanks for playing. The fact remains that many (though not all) implementations are incomplete at best, and at worst are simply bullet points in marketing documents that provide a false sense of safety. This talk will cover the current state of software- and hardware-based memory corruption mitigation techniques today, and demystify the myriad of approaches available, with a history of how they've been proven, or disproved. We'll then walk through some real-world analysis of attacks against vulnerable code, and look at how effective the various protection mechanisms are at stopping them. As an addition to this talk, I thought I'd put my money where my mouth is, so I'm offering a shiny new server up for "Øwn the box? Own the box!", running two services with known vulnerabilities that, hopefully, are protected by the countermeasures described in the talk. If it's compromised before the talk, the winner should be prepared to come up on stage and share how he/she succeeded.

Presenters:

  • Shawn Moyer - Chief Researcher, SpearTip Technologies
    Shawn Moyer is the Chief Researcher of SpearTip Technologies, a forensics, assessment and incident response consultancy. He has led security projects for major financial companies, credit card vendors, and the federal government, written for Information Security magazine, and spoken previously at BH and other conferences. He's currently spending most of his waking moments building a soon-to-be-released security appliance. In his spare time, he's been working on translating Snow Crash into Esperanto.