Maxwell Dulin,Zachary Minneker, Kenzie Dolan, Justin drtychai Angra - House of Heap Exploitation

    Maxwell Dulin, James Dolan, Zachary Minneker, Kevin Choi - House of Heap Exploitation


    Thursday from 1400 to 1800
    EventBrite Link:

    Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity. To conquer this difficulty, the workshop tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises/challenges and creating easy-to-grasp diagrams to understand all of the concepts.

    This workshop is for learning heap exploit development in glibc Malloc, which is the default allocator on most Linux distributions. With this hands-on introduction to glibc Malloc heap exploitation you will learn how the allocator functions, heap-specific vulnerability classes and how to pwn with a variety of techniques. To make the material easy to consume, there are many hands-on exercises, a pre-built virtual machine with everything necessary for binary exploitation and an immense amount of visuals for explaining the material. After taking this course you will understand the internals of the glibc Malloc allocator, be able to uncover heap memory vulnerabilities and pwn the heap with a variety of techniques, with the capability to go further into the art afterwards.

    Skill Level: Intermediate. This is not a beginner course; it will not go through the basics of binary exploitation very much.
    Materials Needed:
      • Laptop with enough power for a moderately sized Linux VM
      • Administrative access to the laptop
      • 8GB RAM minimum
      • 30GB hard drive space
      • VirtualBox or another virtualization platform installed

    Maxwell Dulin (also known as Strikeout) loves hacking all things under the sun. In his day job, he works as a security engineer primarily focused on web applications. But at night, he leaves the tangled web into the open space of radio signals, garage doors, scoreboards, RC cars, and pwn challenges. From the latter, he gained enough expertise to create a heap exploitation course that has been delivered at a number of security conferences, including DEFCON. In his spare time, he has found Linux kernel 0-days, and reverse engineered numerous wireless devices. To summarize, if you put something in front of him, he'll find a way to break it and make it do what he wants.

    Zachary Minneker is a security researcher and security engineer at Security Innovation. His first computer was a PowerPC Macintosh, an ISA which he continues to defend to this day. At Security Innovation, he has performed security assessments on a variety of systems, including robots for kids, audio transcription codecs, and electronic medical systems. He has previous experience administrating electronic medical systems, and deep experience in fuzzing, reverse engineering, and protocol analysis. His research has focused on techniques for in-memory fuzzing, macOS sandbox security, and IPC methods.

    Kenzie Dolan (they/she) works for Security Innovation as a Senior Security Engineer focusing on engagements ranging from IoT hacking to kiosk exploitation. Their current research interests include emerging threats against Mobile and IoT devices. They have a degree in Computer and Information Science from University of Oregon. In their free time, Kenzie enjoys composing music, playing video games or hiking in the greater Seattle area.

    Raised on a steady diet of video game modding, when Nathan found programming as a teenager, he fit right into it. Legend says he still keeps his coffee- (and tear-) stained 1980s edition of The C Programming Language by K&R stored in a box somewhere. A few borrowed Kevin Mitnick books later, he had a new interest, and began spending more and more time searching for buffer overflows and SQL injections. Many coffee-fueled sleepless nights later, he had earned OSCP, and graduated high school a few months later. After a few more years of working towards a math degree and trying fervently to teach himself cryptanalysis, he decided to head back to the types of fun hacking problems that were his real first love, and has worked at Security Innovation ever since.

    Justin "drtychai" Angra (he/they) is a former nuclear physicist and current security researcher. They have spent over a decade working on low-level vulnerability research and exploitation methodologies. Their primary focus has been on fuzzing JavaScript compilers, security validation, building weird shit in Rust, and software penetration testing. They're a member of the OpenToAll and Neg9 CTF teams and enjoy working with spray paint in their free time.

    Max Class Size: 100

    Last edited by number6; July 4, 2022, 15:55.

  • #2
    This is such a great opportunity for getting in touch with people that have such experience. I already signed up; is there any way that we could have more details about the location at Harrah's?


    • number6 commented:
      The only information I have about DEF CON Workshops was provided to me by the people that run DEF CON Workshops and the Eventbrite details.
      Once the conference maps are published, I'd expect some kind of update on where workshops will happen.

      URL1: "Stay tuned for Maps of the Convention Spaces!"

      After maps are online, locations for many things at DEF CON should appear on these maps and help you find details about the location of a specific workshop.