THANH ‘RED DRAGON’ NGUYEN (VNSECURITY)
PRESENTATION TITLE: PEDA: Polishing Up GDB for Exploit Development
In this presentation we will show how PEDA (Python Exploit Development Assistance for GDB) will help to turn GDB into a powerful tool for exploit development.
GDB is a de-facto, powerful source level debugger for Linux/Unix, but it was not designed for exploit development which usually involves time consuming tasks like searching and tracing for input, runtime inspection, construction of ROP gadgets and payload, bypassing exploit mitigation, etc. PEDA – a set of Python GDB scripts – was designed as a framework for interactive exploit development on Linux/Unix with many handy commands and ability to expand, customize easily to fit specific needs.
During this talk we will discuss various usage scenarios of PEDA for debugging, fuzzing, and building advanced exploits. Bring your laptops!
ABOUT THANH NGUYEN (RED DRAGON)
Thanh Nguyen is an independent security researcher with over 15 years of security experience in a wide range of technologies from high scalable & distributed architecture to low level OS development, bios, firmware, chipset and micro-architecture. Thanh was a security architect at Intel Corporation where he focused on securing and hacking of various key Intel next generation technologies including Silvermont Atom & SoC platforms, Intel vPro & Management Engine, Ivy bridge/Haswell microarchitecture & GPU… Thanh is the founder of VNSECURITY, CLGT Capture-The-Flag team and member of “The Hacker’s Choice”, which was the first group to e.g. crack A5 GSM in 2006 within a minute.
CO-PRESENTER: LONG LE
Long Le, CISA, is a security manager at one of the largest software outsourcing companies in Vietnam. He has been actively involved in computer security for more than 10 years since he and his friends founded the pioneer Vietnamese security research group VNSECURITY (http://vnsecurity.net). Described as neither a researcher nor a hacker, he loves playing wargames and Capture-The-Flag with the CLGT team in his spare time. He was also a speaker at various conferences including BlackHat USA, HackInTheBox, SyScan, PacSec.