Peering into the Abyss - Understanding the dark side of Uninitialized Structures

Presented at BSides Austin 2018, March 9, 2018, 1:30 p.m. (60 minutes).

Structures are an important data type within programming languages. However, they are often improperly initialized, which leads to vulnerabilities ranging from information leaks to memory corruption that results in arbitrary code execution. Be it a local struct or a global variable, improper initialization could have dire consequences with real-world security implications. This talk covers many of the ways structures can be initialized and the types of vulnerabilities that can occur if initialization is done incorrectly. By reviewing examples in the Apple macOS kernel and in the Microsoft Windows kernel, we identify code patterns that researchers can seek out to find bugs and that developers can avoid to prevent them. Finally, we'll end by looking at how developers can modify their compilation process to avoid these issues.

Presenters:

  • WanderingGlitch
    WanderingGlitch is a security researcher with Trend Micro's Zero Day Initiative (ZDI). In this role, he analyzes and performs root-cause analysis on vulnerabilities submitted to the program, which represents the world's largest vendor-agnostic bug bounty. His focus includes performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. He has presented at numerous security conferences including Black Hat, DEFCON, REcon, Power of Community, and BreakPoint. When not researching the latest bugs in software, WanderingGlitch enjoys rock climbing and playing musical instruments.
