(sponsors - cutscene) Security BSides Athens 2020

So hello again. My name is Vassilis Papaioannou, and this will be my second speech for BSides Athens. The subject will be about exploiting application local logic. So let me start by describing the setting. We have an application which is fully protected against standard memory-based attacks such as buffer overflows or other similar memory corruptions. So let's assume we have our application binary, and it's protected with full DEP, ASLR, stack canaries, CFI, and all the relevant exploit mitigations. And we're using a modern operating system like the current Windows 10, modern browser, or relevant architecture. So, even if an attacker finds a way to exploit a memory corruption vulnerability, they cannot execute arbitrary code because all of these defenses stop them.