Video of talk "Path Dependence: History Matters" given by Laura Nolan at our #CupánTaeConf Virtual Series is up. Enjoy!

https://youtu.be/2lVu5_B7yUM?si=nn08g_BbCq2nTEhS

#TechTalks #IrishTechCommunity #TechCommunity

@Patricia @cupantaeconf

In 2010 Format String vuln relies on many features of printf

#CupanTaeConf

@Patricia @cupantaeconf

How to find it UB and integer Sanitizer

#CupanTaeConf

@Patricia @cupantaeconf

And in 2021
#CupanTaeConf

@Patricia @cupantaeconf

in 2002 we talked about buffer overflow and in 2017 ...

#CupanTaeConf

@Patricia @cupantaeconf

omg 😹 and oldie but a good one

#CupanTaeConf

@Patricia @cupantaeconf

How to find it ?

#CupanTaeConf #BadBinder

@Patricia @cupantaeconf

We can see the pattern of the vulnerability explained before

#CupanTaeConf

@Patricia @cupantaeconf

ooof! root exploit 💥

#CupanTaeConf #

@Patricia @cupantaeconf

in 2019 Bad Binder vulnerability.!
Binder is Android's IPC mechanism

#CupanTaeConf #Android #BadBinder

@Patricia @cupantaeconf

... she showed us some code on how to fix the vuln and how to find them.

Some tools exist, like ASan but they replace malloc, so tricky

#CupanTaeConf #chocolateDoom

@Patricia @cupantaeconf

Showing when the Unlink happens... the shape of the vulnerability

#CupanTaeConf #ClassicVulnerabilities

@Patricia @cupantaeconf

#CupanTaeConf

@Patricia @cupantaeconf

Going over doubly-linked lists as the z_malloc is an implementation of malloc that has some extra metadata which uses a doubly linked list, and the vulnerability relies on this structure

#CupanTaeConf #ClassicVulnerabilities

@Patricia @cupantaeconf

We keep seeing the same pattern of something similar to what today call Unlink Vulnerability

#CupanTaeConf #patriciaRocks!

We are live now if you want to join us https://cupantaeconf.com/classic-vulnerabilities-by-patricia-aas/
@Patricia @cupantaeconf

#CupanTaeConf #vulnerabilities

Tea minus 1 Day till #CupánTaeConf with Patricia Aas who will be talking about "Classic Vulnerabilities". #CyberSecurity #TechTalk

🗓️ Tue May 7 (6PM IST/7PM)CEST followed by chats @ 7PM IST/8CEST

🎟️ Tickets (€5) & det: https://cupantaeconf.com/classic-vulnerabilities-by-patricia-aas/

Credit: Audio by @bandadeer

#Community #CupánTae #NeedACuppaTea #CodingGrace

A sip of tea from Laura Nolan: https://youtube.com/shorts/Rk29vY-rYkE?si=ZUeCnZJhg9JqAWvS

🔜 Video will be out soon.

But if you want to join us live with our 3rd speaker, Patricia Aas, she will be talking about "Classic Vulnerabilities" on Tue May 7 @ 6PM.
🎟️ https://cupantaeconf.com/classic-vulnerabilities-by-patricia-aas/

#CupánTaeConf #TechTalks

I won't be there on the night because I'll be co-hosting @codinggrace's newest virtual talks called @cupantaeconf.

Our final speaker of our first series is Patricia Aas talking about "Classic Vulnerabilities".

You can still get tickets (€5) and join us virtually:
https://cupantaeconf.com/classic-vulnerabilities-by-patricia-aas/

#TechTalks #CupanTae #CupanTaeConf #Community

John Looney's livestreamed (unplugged) talk on "Second System Effect - not a new problem" is now available.

https://youtube.com/live/DC397Cbi3Hc?feature=share

Note: When we upload the polished video, we will remove the live-stream.

#CupanTaeConf #CupánTae #TechTalks #Community