Explore the evolution and effectiveness of memory safety vulnerability mitigation strategies in this 34-minute conference talk by Mark Dowd from Azimuth Security. Delve into the explosive growth of technologies aimed at combating memory corruption vulnerabilities over the past decade. Examine traditional and new approaches to thwarting exploitation techniques, and evaluate their impact on cybersecurity. Gain insights into the future of preventing wide-scale exploitation of memory corruption vulnerabilities through a comprehensive analysis of defense-in-depth strategies, including bug minimization, exploit mitigations, and isolation. Learn about the costs associated with vulnerability discovery and exploit development through real-world browser exploit walkthroughs from 2009 and 2015.
Overview
Syllabus
Introduction
What will we cover?
Applicability
Defense-In-Depth - A three-tiered approach
Defense-In-Depth - Bug Minimization
Defense-In-Depth - Exploit Mitigations
Defense-In-Depth - Isolation
Let's talk about cost - Discovery cost
Browser Exploit Walkthrough 2009 (UAF)
Browser Exploit Walkthrough 2015 (UAF) - Core Security (IE11) MS15-106
Let's talk about cost - Development cost
The Future
Taught by
Kaspersky
