In this talk I will present various tools that I used for finding vulnerabilities in open source software. I will try to demonstrate the various bug patterns and how I look for them using examples in everyday software. I will explain how to go from a bug to a vulnerable bug.
Finally, I will explain what is use-after-free (auf) and the bug patterns to look for. Use uaf bugs can be quite tricky to find and quite complicated to exploit. But can be quite dangerous if an attacker understands them well. To demonstrate how powerful uaf in a scripting engine can be, I will walk the audience through a uaf in a modern browser bugs and the some techniques used to exploit them.
Jean-Marc Leblanc Reverse Engineer, EWA-Canada
Currently working as a reverse engineer at EWA-Canada, Jean-Marc has worked for multiple respected security enterprises for past 5 years including national security agencies and contract work at google. On top of his professional security research, he has done a lot of personal vulnerability research on large popular applications. He has successfully claim bug bounties from google chrome and shopify. He has presented multiple talk at various conferences including last years script engine hacking for fun and profit at northsec and “why U A.F.ter calc?” at Ihack Ottawa.