I WANT MY EIP: BUFFER OVERFLOW 101

From Mike Saunders (@hardwaterhacker)

When I started learning buffer overflows, I thought it was something everybody else already knew. But the reality is, there are lots of us, just like me, who want to know more but are either overwhelmed by the idea that buffer overflows are beyond their capabilities or just don’t know where to get started. This is a 101-level talk; we’ll talk about how a buffer overflow works, how to fuzz an app to identify an overflow opportunity, and how to create a simple overflow that will result in a compromise of a target system. If you can already smash the stack, spray the heap, and write ROP chains in your sleep, this isn’t the talk for you. If you want to learn more about how simple buffer overflows work and how to write them, this talk is for you. When you leave, you will have the information and resources to help you write your first overflow when you walk out the door.

 

Download the slides here

 

Python Source Code here

 

For more information or questions for Mike, Join the Red Siege community Discord server: redsiege.com/discord

You can always reach out to our team at redsiege.com/#contact