Greenwaves and Ham

This talk is about how an unauthenticated heap-based buffer overflow vulnerability was discovered and exploited within a router distributed by a market-leading ISP. Despite the targeted process utilizing mitigations such as DEP and ASLR, it still fell prey to known exploitation techniques. This talk will go over the thought process, failures, and road-blocks that were encountered and how they were overcame. The audience should walk away with a clear understanding of how to find ideal exploit primitives within their targeted device for heap-based vulnerabilities.

Bio: Elvis is a Senior Researcher on Exodus Intelligence’s 0day team. Prior to Exodus, he worked at TippingPoint DVLabs where he researched submissions to the world’s largest and most diverse bug bounty program and developed filters for them. After DVLabs, Elvis worked as a consultant for Praetorian performing penetration tests for large manufacturers of embedded devices. While at Exodus, Elvis has developed a good amount of 0day exploits against market leading routers, firewalls, and smart devices.