[1/7] Here are 5 talks I enjoyed in understanding the state-of-the-art in memory corruption strategies and exploit mitigations. This should be valuable to anyone who is moving from traditional "CTF-style" exploitation and wants to know what they're up against in today's era.
[2/7] The Layman's Guide to Zero-Day Engineering by @gaasedelen and @itszn13 is a talk on some of the meta observations, misconceptions, and advice that's relevant to any modern & complex reversing project. Inspiring for those diving into the deep end. invidious.snopyta.org/watch?v=WbuGMs2O…
[3/7] The (Memory Corruption) Safety Dance by @mdowd summarizes the state-of-the-art in mitigations and how they've impacted discovery and development. Explains how a 3-tiered defensive approach has driven up costs, e.g. turning a 1-week effort into months invidious.snopyta.org/watch?v=r2nVZ9BO…
[4/7] Mitigation Bypass: The Past, Present, and Future by @_f0rgetting_ makes us remember how easy exploitation once was, then incrementally cranks up the complexity of strategies to what's required today. Details various bypass techniques used over time. invidious.snopyta.org/watch?v=WsoFmN3o…
[5/7] Modern Windows Userspace Exploitation by @amarsaar concretizes elements from @_f0rgetting_'s talk by solving a single CTF challenge from a Win7 env to Win10 RS5. Illustrates how powerful OS mitigations have become without a change to the codebase. invidious.snopyta.org/watch?v=kg0J8nRI…
[6/7] Lastly, Windows 10 Mitigation Improvements by @dwizzleMSFT and @epakskape gives insight into the defensive perspective and layered strategy used to raise the bar for exploitation. Interesting data points on vulnerability trends. invidious.snopyta.org/watch?v=gCu2GQd0…
3:02 PM · Jan 8, 2019
