Chop Suey: An Exceptional Dish with a Side of Buffer Overflows
Dangers lie on the long and unwinding road of an exception from its throw to a catch handler. Stack buffer overflows can confuse the unwinding code. We'll talk about how we investigated what's going on and accidentally found a new exploitation technique. You'll join us on a short trip through our one-year journey investigating exploit primitives, looking for them in real-world software, and building new exploits for old bugs. For science.
Fabian Freyer has a love-hate relationship with reverse engineering and binary exploitation. He uses the advanced method of excessive amounts of intense staring at hexdumps in Binary Ninja, trying to figure out every bit of the software he’s looking at, only to be disappointed that it doesn’t give a flag to hand in to the scoreboard. After years of CTF playing, he’s turned to using his skills as an independent security researcher but is currently taking a break from breaking things to build things at a hosting provider. Since then, he’s been scratching that itch by doing security research into mitigations at a systematic level.
Marius Muench is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, as well as binary and microarchitectural exploitation. He obtained his Ph.D. from Sorbonne University in cooperation with EURECOM. He developed and maintains avatar2, a framework for analyzing embedded systems firmware.