03-21, 14:30–14:55 (Europe/Ljubljana), PA
Mid-2000s videogames are a great target for finding RCE exploits. They were written in a different era, when things like ASLR and DEP were still seen as useless luxuries that just tank performance. Besides, who is gonna go through the effort to set up a fuzzer for these ancient games?
In this talk we'll pick a classic 2000s game, go over the process of fuzzing the game's server with a very fancy snapshot fuzzer, and fuzzing the client with the dumbest possible bit-flipper I could write in an hour. Both of these approaches lead to bugs that we'll exploit for remote code execution.
Rick is part of the Pwn2Own team "PHP Hooligans". He has competed in five editions of Pwn2Own, exploiting a wide range of targets including routers, printers, and automotive targets. Aside from Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC's Team Europe.