Modern C/C++ Security: Vulnerabilities and Exploitation

We'll have two talks at this User Group meeting: Clark Gaebel who will give an overview of the new Rust programming language, and Chris Roholf.

Introduction to Rust: Rust is a modern systems programming language meant to compete in the exact same space as C and C++. It brings modern ideas about safety without compromising performance. If you are writing systems-level software (kernels, garbage collectors, low-latency applications, etc.), I think you'll find Rust extremely interesting. For example, there is performance sensitive code that is possible to write in pure Rust that would be impossible to write even in C, and no tricks possible in C/C++ that you can't do in Rust.

Modern C++ Security: Ever wonder what exploitable use-after-free vulnerabilities look like in C++ code? What about type confusions in complex web browser engines? C++ may be evolving but memory corruption is still alive and well. While the concept of memory corruption is not new, the trends in C/C++ vulnerability research change with time in order to adapt to new security protections. We will discuss some of the newer and more complex bug classes prevalent in applications today and what tools and techniques can be used to find and fix them.

Chris Rohlf is the founder of Leaf Security Research (http://leafsr.com), a boutique software security consulting firm. Chris has been involved in the security space for over 10 years and regularly performs source code audits, reverse engineering, architecture reviews, and general security consulting for clients of all sizes.