It is no secret that the days of jmp esp are far gone. In the age of Virtualization-Based Security and Hypervisor Protected Code Integrity -- code execution, as a result of a memory corruption vulnerability, is not as trivial as it once was. However, a few times a year, there is always that vulnerability which makes headlines, is remotely exploitable, and obtains code execution in ring 0. What gives? This talk addresses the history of binary exploitation and the mitigations operating systems instrument to thwart those vulnerabilities, how adversaries constantly adopt novel and creative solutions to bypass said mitigations, and the future of exploit development in both user mode and kernel mode.
Connor McGarr
(Red Team Consultant at CrowdStrike)
Connor is a red team consultant for CrowdStrike. If you can manage to pull him away from WinDbg and IDA, you can find him writing blogs and enjoying time with his family and dog. Connor is passionate about anything related to Windows internals, vulnerability research, C, or offensive tradecraft.