The presentation discusses the use of undefined behavior paths to find vulnerabilities in software and provides suggestions for programmers, compiler developers, and bug hunters.
- Undefined behavior paths can be utilized to find vulnerabilities in software
- Suggestions for programmers include understanding and defending against undefined behavior and making use of undefined behavior warnings
- Compiler developers should provide more accurate and useful undefined behavior warnings
- Bug hunters can benefit from undefined behavior information
- An anecdote is provided to illustrate the point of utilizing undefined behavior paths
- The presentation concludes with suggestions for programmers, compiler developers, and bug hunters
The presentation provides an example of using undefined behavior paths to achieve remote code execution in the Chrome browser with a single undefined behavior. The vulnerability was found in the IDBOpenDBRequest object, which allowed for control of the value of EAX reduction and ultimately control of EIP. The presentation also discusses the use of Git to produce a few volumes and the encoding of XOR and EX instructions in shellcode.