A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Format String Vulnerabilities 101 Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)

Format String Vulnerabilities 101
Derbycon 2012

An introduction to format string vulnerabilities within the Windows Intel Architecture environment. During this presentation will introduce the audience to the concepts of format strings and associated vulnerabilities. I will take the audience from the basics of what is a format string and how itís used, through discovering and leveraging of format string vulnerabilities. I will show how format strings vulnerabilities can be used to read data from process stack, arbitrary memory and also methods used to write data to arbitrary memory. Leveraging vulnerable format string functions we will also discuss the basics of triggering various exceptions to gain control of the flow of execution within a vulnerable application. This presentation will include a number of live demonstrations.

Deral Heiland

Deral Heiland CISSP, serves as a Senior Security Engineer for CDW where he is responsible for security assessments, and consulting for corporations and government agencies. In addition, Deral is the founder of Ohio Information Security Forum a not for profit organization that focuses on information security training and education. Deral Is also a member of the foofus.net security team.Deral has presented at numerous conferences including ShmooCon, Defcon, CarolinaCon, Securitybyte India, and has also been a guest lecturer at the Airforce Institute of Technology (AFIT). Deral has over 18 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst where he was responsible for delivering security guidance and leadership in the area of risk and vulnerability management for a global Fortune 500 manufacturer.

Back to Derbycon 2012 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast