Steve Povolny, Senior Security Researcher, HP DVLabs
Vulnerabilities that exist in today’s commercial and custom software are the primary target for attackers. The most severe of these vulnerabilities are those that can result in remote code execution – that is an attacker can take complete control of another system for the purposes of stealing information, defacing property or just causing trouble. In this session, Brian Gorenc, will demonstrate how to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution. The discussion will also include thoughts on mitigation strategies for reducing risk.