Exploitation In The Modern Era presented at Blackhat Europe 2011

by Chris Valasek (Accuvant Labs), Ryan Smith (Accuvant Labs),

Tags: Security

Summary : While we may see the number of bugs disclosed differ from year to year, the amount of quality exploits has seen a significant downward trend (this could be a complete lie, due to an unlevel desk and a shaky hand). Not only have exploit mitigation technologies played a huge part in the pwning-decline, but many times the vulnerability and application environment is requisite material and may be quite complicated. The lowest of the low hanging fruit has been picked, it's time to acquire a step ladder.
This presentation will cover techniques used for modern exploitation. They will range from memory management and hard/soft leaks to esoteric techniques. Although lacking any new, generic techniques, the presentation will demonstrate exploitation on select targets and tell the story from bug to working exploit.
We will finish up the presentation with multiple, real-world test cases to show how in-depth knowledge was used to leverage code execution in a variety of common applications.