The semantics of attacking C/C++ metadata have been well documented,
with the majority of attacks having been known for over a decade. In
this time, the loyal opposition has developed semi-effective
methodologies, such as ASLR, NX, et cetera, for addressing language-based
issues. Furthermore, the popularity of interpreted and managed languages
continues to increase, which ultimately decreases the volume of deployed
unmanaged code.
This of course raises the question: what is the future of insecurity? This
talk suggests that at least a partial answer lies in a paradigm shift in
thinking, in which the actual application becomes an interface to the
interpreter or virtual machine, almost all of which are written in
unmanaged code. This talk is intended as the first in a series and will
focus on memory corruption bugs in Perl & Python and their respective
call stacks.