Loading…
BSides Austin 2018 has ended
Friday, March 9 • 1:30pm - 2:30pm
Peering into the Abyss - Understanding the dark side of Uninitialized Structures

Sign up or log in to save this to your schedule and see who's attending!

Structures are an important data type within programming languages. However, they are often improperly initialized, which results in vulnerabilities ranging from information leaks to memory corruption resulting in arbitrary code execution. Be it a local struct or a global variable, improper initialization could have dire consequences with real-world security implications.

This talk covers many of the various ways structures can be initialized and the types of vulnerabilities that can occur if done incorrectly. By reviewing examples in the Apple macOS kernel and in the Microsoft Windows kernel, we identify code patterns to seek out to enable researchers to find bugs and for developers to prevent them. Finally, we’ll end by looking at how developers can make modifications to their compilation process to avoid these issues.

Speakers
W

WanderingGlitch

WanderingGlitch is a security researcher with Trend Micro’s Zero Day Initiative (ZDI). In this role, he analyzes and performs root-cause analysis vulnerabilities submitted to the program, which represents the world’s largest vendor-agnostic bug bounty. His focus includes performing... Read More →


Friday March 9, 2018 1:30pm - 2:30pm
Big Tex Auditorium

Attendees (19)