Workshop: Once upon a malloc… (Aleksander Mundjar)
| May 15th, 2023Level: Advanced Subject Matter
The idea is to first explain in depth how dynamic memory management works in glibc, as well as what could go wrong in the process of allocating or freeing memory. We will take a look at heap-based buffer overflows, use after free vulnerabilities, and why these two are the leading cause of software-based exploits even in 2023. how other allocators(for example scudo) prevent them, and of course also how to exploit them in different scenarios and environments(this will be the live demo part). I will also present the protections that have been put in place by system software developers in order to try and restrict the damage that these vulnerability classes can cause if exploited successfully.
Bio:
Aleksander Mundjar is CTF player, cybersecurity researcher, college student.