An introduction to format string vulnerabilities within the Windows Intel Architecture environment. During this presentation will introduce the audience to the concepts of format strings and associated vulnerabilities. I will take the audience from the basics of what is a format string and how it’s used, through discovering and leveraging of format string vulnerabilities. I will show how format strings vulnerabilities can be used to read data from process stack, arbitrary memory and also methods used to write data to arbitrary memory. Leveraging vulnerable format string functions we will also discuss the basics of triggering various exceptions to gain control of the flow of execution within a vulnerable application. This presentation will include a number of live demonstrations.
Deral Heiland
Deral Heiland CISSP, serves as a Senior Security Engineer for CDW where he is
responsible for security assessments, and consulting for corporations and
government agencies. In addition, Deral is the founder of Ohio Information
Security Forum a not for profit organization that focuses on information
security training and education. Deral Is also a member of the foofus.net
security team.Deral has presented at numerous conferences including ShmooCon,
Defcon, CarolinaCon, Securitybyte India, and has also been a guest lecturer at
the Airforce Institute of Technology (AFIT). Deral has over 18 years of
experience in the Information Technology field, and has held multiple positions
including: Senior Network Analyst, Network Administrator, Database Manager,
Financial Systems Manager and Senior Information Security Analyst where he was
responsible for delivering security guidance and leadership in the area of risk
and vulnerability management for a global Fortune 500 manufacturer.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek