Protecting C++ [Russian]

  • Stream 1
  • Intramural
  • 15:00
  • RU

In this article (https://imgur.com/gallery/huZRM), the author compares C++ with different kinds of weapons. We can compare C++ with nunchucks: in experienced hands it is an effective tool, but for a newbie it can be dangerous to one's health.
What dangers are hidden behind the "unsafe" label? The long answer will cover several directions, one of them being cybersecurity.
In this talk we will look at exploits against C/C++ code:
* executing shellcode on the stack
* return-to-libc
* overwriting vptr
* heap overrun
But we will focus on the means of preventing such kinds of attacks:
* canary on the stack
* ASLR
* non-executable regions
* testing and sanitizers
* fuzzing
* SDL processes

Presentation

Pavel Filonov

Research Development Team Lead, Kaspersky Lab, Moscow, Russia

Watch the video of the talk