Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Uploaded on Oct 25, 2011
Speakers: James Oakley and Sergey Bratus
Date: January 29, 2011
Event: Shmoocon 2011, hacker/infosec conference in Washington, DC, keynoted this year by Peiter 'Mudge' Zatko, a senior DARPA project manager.
Sponsors: Many software and security companies such as Microsoft,
Two-line abstract: The exception handling mechanism present in all recent GCC-compiled executables is based on the DWARF standard. It is ubiquitously used but not well-understood, and in fact contains a Turing-complete bytecode virtual machine. We show how this bytecode can be changed to contain a Trojan payload with no native binary code.