A "Crash" Course in Exploiting Buffer Overflows w/Parker Garrison


Details:
Buffer overflows are consistently used in some of the largest-scale attacks in recent history, including by Conficker in 2008 and WannaCry (EternalBlue) in 2017. These are possible when an application uses a function that copies more memory than it has allocated for a destination buffer, thereby overwriting other critical data in the program.
Despite this, many security professionals don't know how to test for and craft a buffer overflow exploit for a custom application. In this workshop we will do exactly that, then introduce exploit mitigations including ASLR and NX, demonstrating a way around each of these mitigations.
BIO:
J. Parker Garrison
UNC Charlotte | B.S. Computer Science, concentration in Cybersecurity; M.S. Cybersecurity, concentration in Network Security expected 5/2019
ISACA Student Group of UNCC: President; UNCC OWASP Student Chapter: President; CCI Student Council Speaker
GIAC GXPN: https://youracclaim.com/user/parker; SANS Security Hall of Fame: https://sans.org/security/
Resume: http://parkergarrison.com/resume/JParkerGarrison_Resume.pdf
Things to Know:
- CPE credits will be credited for those who possess certifications that require it.
- Security food is usually defined as pizza and wings.
- Please arrive a little early for Meet and Greet if you are able.
- We are a resource, leverage us as such.
- Trial and error is how we did it; we will give you a head start. Just ask.
Tentative Agenda:
6:00 - 6:30 Meet and Greet
6:30 - 6:45 OWASP Chapter Meeting Announcements
6:45 - 7:00 Fire Talks
7:00 - 7:45 Presentation (Speaker)
7:45 - 8:00 Q & A session
8:00 - 8:15 Closing Remarks and Dismissal
