Rick de Jager
Rick is part of the Pwn2Own team "PHP Hooligans". He has competed in five editions of Pwn2Own, exploiting a wide range of targets, including
routers, printers, and automotive systems. Aside from Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC's Team
Europe.
Session
Mid-2000s videogames are a great target for finding RCE exploits. They were written in a different era, when mitigations like ASLR and DEP were still seen as useless luxuries that just tank performance. Besides, who is going to go through the effort of setting up a fuzzer for these ancient games?
In this talk we'll pick a classic 2000s game, go over the process of fuzzing the game's server with a very fancy snapshot fuzzer, and fuzzing the client with the dumbest possible bit-flipper I could write in an hour. Both approaches turn up bugs that we'll then exploit for remote code execution.
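To make the "dumbest possible bit-flipper" concrete, here is an added example of that style of client-side fuzzer. It is not the speaker's tool and it knows nothing about the game in the talk: the seed packet, its layout (0xff header, NUL-terminated command, one-byte payload length) and the toy_client parser are constructed for this example. Two mutation modes are shown, an exhaustive walk over every single bit and a seeded random multi-flip, and everything a mutation did is derived from the seed so a crash can be replayed from one integer.

```python
"""Dumb bit-flip fuzzer: a seed packet, exhaustive or random bit flips, and a
crash oracle. SAMPLE_PACKET and toy_client are constructed for this example
(hypothetical protocol), not a real game's client."""
import random
from typing import Callable, Iterable, Iterator, List, Tuple

# Constructed seed input: 4-byte 0xff header, NUL-terminated command "getinfo",
# a one-byte payload length (1), then 3 payload bytes. Made up for this example.
SAMPLE_PACKET = bytes.fromhex("ffffffff 676574696e666f00 01 020304")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit toggled (bit 0 is the LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def walk_bitflips(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Exhaustive mode: every single-bit flip of the seed, labelled by bit index."""
    for i in range(len(data) * 8):
        yield i, flip_bit(data, i)


def random_bitflips(data: bytes, seed: int, max_flips: int = 8) -> bytes:
    """Random mode: flip 1..max_flips distinct bits. The flip count and the
    positions both come from a Random seeded with `seed`, so the case is
    fully reproducible from the seed alone."""
    rng = random.Random(seed)
    k = rng.randint(1, max_flips)
    out = data
    for pos in rng.sample(range(len(data) * 8), k):
        out = flip_bit(out, pos)
    return out


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits; a sanity check that a mutation did what we think."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def toy_client(packet: bytes) -> None:
    """Constructed stand-in for the target's packet handler (hypothetical).
    A lying length byte makes it read past the packet; IndexError models that
    out-of-bounds access. ValueError models a clean reject of malformed input."""
    if len(packet) < 5 or packet[:4] != b"\xff\xff\xff\xff":
        raise ValueError("bad header")
    end = packet.find(b"\x00", 4)
    if end < 0:
        raise ValueError("unterminated command")
    n = packet[end + 1]                      # IndexError if the packet ends at the NUL
    payload = packet[end + 2 : end + 2 + n]
    if len(payload) != n:
        raise IndexError("read past end of packet")   # simulated OOB read


def run_cases(target: Callable[[bytes], None],
              cases: Iterable[Tuple[int, bytes]]) -> List[int]:
    """Feed each labelled case to target; return the labels that crashed it.
    Here a crash is any exception other than a clean ValueError reject. Against
    a real native client you would watch the process instead (exit status,
    a debugger, or crash dumps) and send the bytes over the game's socket."""
    crashed = []
    for label, case in cases:
        try:
            target(case)
        except ValueError:
            continue
        except Exception:
            crashed.append(label)
    return crashed


def fuzz_walk(target: Callable[[bytes], None], seed_input: bytes) -> List[int]:
    """Bit indices whose single flip crashes target."""
    return run_cases(target, walk_bitflips(seed_input))


def fuzz_random(target: Callable[[bytes], None], seed_input: bytes,
                iterations: int, max_flips: int = 8) -> List[int]:
    """Seeds whose mutation crashed target; replay one with replays()."""
    cases = ((s, random_bitflips(seed_input, s, max_flips)) for s in range(iterations))
    return run_cases(target, cases)


def replays(target: Callable[[bytes], None], seed_input: bytes, seed: int) -> bool:
    """True if regenerating the case from its seed crashes target again."""
    return run_cases(target, [(seed, random_bitflips(seed_input, seed))]) == [seed]


if __name__ == "__main__":
    print("single-bit flips that crash the toy client:", fuzz_walk(toy_client, SAMPLE_PACKET))
    seeds = fuzz_random(toy_client, SAMPLE_PACKET, 1000)
    print(f"{len(seeds)} of 1000 random cases crashed; first reproducible seeds: {seeds[:5]}")
```

On the constructed packet the exhaustive walk finds exactly the six flips that raise the length byte above the three payload bytes actually present (bit indices 98 through 103); header flips are rejected cleanly and flips inside the command or payload bytes are harmless. The random mode trades that completeness for reach (multi-bit flips), which is why every case is tied to a seed: when a real client dies, the seed is all you need to get the same bytes back in front of a debugger.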