Exploiting Parsing Vulnerabilities presented at BlackHatAsia 2002

by Greg Hoglund,

Summary : This talk will focus on reverse engineering parsing code using a combination of IDA-Pro and runtime debugging tools. Several important techniques are revealed that will assist the practitioner in locating and exploiting user input problems in software. The author will present a custom debugging tool called 'The Pit' which automates data input tracing in runtime executables. To make the most of this talk, attendees should have a basic understanding of software debugging and assembly language.