This lecture wants to make the audience a bit more familiar with a species of bugs that is not yet as boring and overfished as your vanilla buffer overflow: concurrency issues. Bring your debugger and some rubber gloves, because when investigating these beasts, you will need them. Concurrency of operation can be found in most larger software systems; think multi-threading, think UNIX signals, think asynchronous I/O operations, to give just a few hints. However, since concurrency always adds complexity in non-obvious ways, there are all kinds of things that it can make go wrong. Usually, this boils down to the violation of assumptions the system's developers have made - and violated assumptions have always been a hacker's best friend. After a brief introduction to what concurrency issues actually are, this presentation will show how to approach finding and exploiting these issues in software systems and highlight some of the challenges the nosy hacker faces in doing so. The presented material will be supported by examples from real-world software.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.