Memory Disclosure and You presented at Security B-Sides 2011

by Raid

Tags: Security

Summary: Memory Disclosure and You is a talk that discusses the relevance of a bug class often miscategorized or ignored by the security masses. Memory disclosure has always been useful to attackers, and in modern times has become paramount in attacking software hardened by protection schemes. This talk gives an introduction to memory disclosure and covers a brief history of its use by attackers. The content then moves into how memory disclosure bugs can be found and exploited, as well as how other traditional memory corruption bugs can be leveraged for memory disclosure to further aid in their exploitation. Provided code examples will cover a variety of scenarios.
Attendees will walk away with an understanding of the bug class, and real-world examples to solidify the concept. Attendees will also leave with an understanding of the flawed ideology which has resulted in so many protection schemes being defeated by memory disclosure. This understanding, in conjunction with the presented code artifacts, will empower attendees to identify, for either remediation or exploitation, the presence and impact of memory disclosure.