Time: 1:00 PM - 4:30 PM
Speaker: Johnny Cuzzola, Director of Information Security, Thompson Rivers University
IMPORTANT: This workshop requires a minimum of 5 participants to proceed. Only coffee break is included with the workshop fee.
Session Overview:
In this demonstration, we will examine the anatomy of a buffer overflow - a foundational software vulnerability that continues to appear even amid modern hardware protections and advanced programming languages. We will walk through the lifecycle of a buffer overflow scenario: identifying the underlying flaw, understanding how an attacker could craft an exploit, and exploring how such an attack can compromise a remote service. Along the way, we will consider whether these vulnerabilities are becoming more or less prevalent today and review the defensive mechanisms that have evolved since the technique was first described in 1972.
Audience:
This is a technical presentation best suited for participants with familiarity in C programming and basic assembly language. Attendees should have a general understanding of networking fundamentals, software development, and either Linux or Windows operating systems. The session will be particularly valuable for those interested in penetration testing, as well as those with backgrounds in computer science, software engineering, IoT or embedded system design, and anyone who is cybersecurity-curious and eager to deepen their understanding of low-level vulnerabilities.
By the end of this session, attendees will understand:
(1) The historical evolution of buffer overflows and the ongoing interplay between offensive techniques and defensive countermeasures.
(2) The art and science behind buffer overflows through a guided, conceptual exploration of how custom exploits are constructed.
(3) The differing levels of risk posed by buffer overflow vulnerabilities across traditional IT systems, IoT/OT environments, and embedded infrastructure.
Prerequisites:
There are no prerequisites. Ideally, attendees should have a general understanding of networking fundamentals, software development, and either Linux or Windows operating systems.