I Want My EIP: Buffer Overflow 101
Mike Saunders to Speak at NolaCon
Red Siege Information Security Principal Consultant Mike Saunders will present “I Want My EIP: Buffer Overflow 101” at NolaCon, an information security/hacker conference in New Orleans from May 15 – 17.
“When I started learning buffer overflows, I thought it was something everybody else already knew. But the reality is, there are lots of us, just like me, who want to know more but are either overwhelmed by the idea that buffer overflows are beyond their capabilities or just don’t know where to get started,” Saunders said. “This is a 101-level talk; we’ll talk about how a buffer overflow works, how to fuzz an app to identify an overflow opportunity, and how to create a simple overflow that will result in a compromise of a target system.”
Saunders, who has been involved in IT and security for more than 25 years, will bring shirts and stickers to give away. He stressed that the presentation was for buffer overflow beginners, but that for those interested in the subject it would provide immediately usable information.
“If you can already smash the stack, spray the heap, and write ROP chains in your sleep, this isn’t the talk for you. If you want to learn more about how simple buffer overflows work and how to write them, this talk is for you,” Saunders said. “When you leave, you will have the information and resources to help you write your first overflow when you walk out the door.”
NolaCon will be held at the Hyatt Centric in New Orleans with a Training from May 11-14 and Conference from May 15 – 17. 2020 marks the events seventh year, and topics are focused on today’s information security needs including malware, exploits, vulnerabilities, social engineering and forensics. Saunders presentation time has not yet been announced.
Mike Saunders has over 25 years of experience in IT and security and has worked in the ISP, financial, insurance, and agribusiness industries. He has held a variety of roles in his career including system and network administration, development, and security architect. Mike been performing penetration tests for nearly a decade. Mike is an experienced speaker and has spoken at DerbyCon V and VII, BSides MSP, BSides Winnipeg, and the NDSU Cyber Security Conference. He has participated multiple times as a member of NCCCDC Red Team. Mike holds the GCIH, GPEN, GWAPT, GMOB, CISSP, and OSCP certifications.
Related StoriesView More
Obfuscating Shellcode Using Jargon
By Red Siege | July 31, 2023
by Mike Saunders, Principal Security Consultant In a recent blog , we discussed how encrypting shellcode leads to increased entropy, which may result in your shellcode loader being blocked and/or […]Learn More
Browser Only Web Application Testing
By Red Siege | July 24, 2023
By: Ian Briley, Security Consultant Spoiler Alert: Burp is the number one tool most people use while testing web applications. If you want to be an open-source champion, ZAP from […]Learn More
Introduction to Mythic C2
By Red Siege | June 28, 2023
By: Justin Palk, Senior Security Consultant Continuing along with my occasional series looking at how to set up and use various C2 frameworks, this is a guide to Mythic C2. Developed […]Learn More