Talk Intermediate 10:00 - 11:00 August 14, 2022

Cezary Cerekwicki

Your memory-safe stack is not memory-safe at all. For instance, many popular Python libraries have substantial amounts of memory-unsafe code. Python is not unique here. You can find some potential for memory safety bugs in practically every software stack. If three simple, realistic conditions are met, you may have RCEs waiting to be found. Let me tell you how I dealt with such a case. It’s a story of an actual attack against open-source software used in production by my employer to process content served to millions of users. All 30 zero-days found have been responsibly disclosed and fixed. I will provide guidance on how to find patterns like this in your stack and fix them.

Cezary Cerekwicki

Head of Product Security at Opera Software

Responsible for the AppSec program, covering all Opera products globally. Spiritual leader of security champions. Vacation approver of penetration testers. Bug bounty distributor. Holder of some certificates. Occasionally hacks things.