Nytro Posted November 16, 2014 Report Posted November 16, 2014 [h=1]Use After Free Exploitation - OWASP AppSecUSA 2014[/h] Publicat pe 30 sept. 2014 Recorded at AppSecUSA 2014 in DenverAppSec USA 2014 - AppSec USA 2014Thursday, September 18 • 10:30am - 11:15am Use After Free ExploitationUse After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a working exploit against Internet Explorer. We will also cover the concept of memory leaks which can allow for a complete Address Space Layout Randomization (ASLR) bypass.SpeakersStephen SimsConsultantStephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. Quote
