Explore the intricacies of exploit development in this ACCU 2019 conference talk by Patricia Aas. Dive into the world of security vulnerabilities and secure coding from an attacker's perspective, focusing on C and x86_64 assembly. Learn about the "Weird Machine" concept, exploit development techniques, and the importance of understanding potential security risks in programming. Examine a simple exploit step-by-step, including target program analysis, stack buffer overflows, and shellcode creation. Gain insights into debugging techniques, stack canaries, and address layout randomization. Discover how to approach exploitation as a programming tool and develop a deeper understanding of secure coding practices. This talk is ideal for programmers looking to enhance their knowledge of cybersecurity and defensive programming strategies.
Overview
Syllabus
Introduction
Patricia Aas
The Weird Machine
The Weird State
The Mental Model
Exploit Development
Target Program
Program
CWE
Use of inherently dangerous function
Happy day scenario
Unhappy day scenario
Global Thermonuclear War
Stack Canary
Debug Build
Prefer C
Debug
Stack variables
Short string
Control
Automate
Fixing C
Stack Buffer Overflow
SLR Address Layout
Pattern Offset
Shellcode
Exploit Framework II
Code Size
STrace
Shell Code
Shut Sea
Inline Assembly
Calling Convention
Character Buffers
Shell
Pipe
Cheating
Weird States
deterministically correct
Taught by
ACCU Conference
