Abstract


Byoungyoung Lee is a PhD student at Georgia Tech. He has interests in both practical and academic software security research. He is one of the contributors to the DarunGrim project, a popular binary diffing tool. With this project, he runs the ExploitShop blog, which uncovers many different Microsoft-patched vulnerabilities. He has spoken at Black Hat and Infosec Southwest, and he has also actively participated in wargames and advanced to the DEF CON CTF finals several times. He also loves to write fuzzers targeting various software products for bug bounties.

[Abstract] From stack overflows to use-after-free, memory corruption bugs have been one of the most popular attack vectors for subverting a software system. In this talk, we introduce various instrumentation techniques to effectively identify memory corruption bugs with the help of compilers. For each type of vulnerability, we will describe how each technique can or cannot identify it, and present our recent research results on how to find new vulnerability types.

Slides