Jump to content
Sign in to follow this  

Security Espresso 0x23 (Virtual)

Recommended Posts




Guess who's back! After a rather long pause, Security Espresso's Meetups are back, in an online format! We're sure that you miss the gatherings and the beers, but rest assured it's all going to happen anyway!

Our first virtual meetup will happen online and will be streamed to YouTube. Make sure to join our Telegram group if you didn't already so you can ask any questions you might have for the speakers: https://t.me/secespresso

Without further ado, here are the speakers for Security Espresso Meet-up 0x23:


19:00 → 19:45
☠️ Principles of heap-based exploits on Windows 7 & 10 x32
📣 Stefan Nicula - Senior Threat Researcher @ Avira Protection Labs, Twitter: @stefan_nicula

A successful userland heap memory corruption exploit on Windows requires a good grasp on the mechanisms behind the Heap Manager. The talk aims to tackle Windows Heap Manager internals such as Backend vs Frontend Allocators, VirtualAlloc, heap memory layout, Windows 10 vs Windows 7 Heap Manager differences and Windows Heap Integrity protection. We will also explore heap exploit principles for Use-after-free and Double Free exploits like primitives, allocators, precise heap spraying, stack pivot and ROP chaining.

In a future part 2 of the presentation, we will dive into more advanced techniques related to memory information leak, type confusion, abusing vtable pointers and Windows ATP protection bypasses.

19:45 → 20:00
⏸ Break


20:00 → 20:45
🕶 Opsec guide for the security enthusiast
📣 Dan Demeter - Security Researcher @ GReAT, Twitter: @_xdanx
📣 Marco Preuss - Director @ GReAT, Europe, Twitter: @marco_preuss

As more and more metadata is passively collected at a large scale, one might question the boundaries set by governments in regards to privacy and personal life. We believe privacy  is a fundamental human right and, by using the right tools, it can still be achieved.
During this beginner’s opsec guide we will present techniques and tools to protect your digital communications, as well as your equipment.

Some covered topics:
- Corporate communication crisis management
- Encryption and secure communication
- Physical device security
- Network activity monitoring
- Travelling to foreign countries


20:45 → ∞
🍻 Virtual beer on Discord! Attendance policy: BYOD (bring your own drink).
🔗 Join us: https://discord.gg/7kCdJp8

  • Upvote 2

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...