Crafting an Infoleak exploit - A Hands On tutorial
2025-10-21 , Schengen 1 & 2

"You do not find infoleaks, you create them" - Halvar Flake

In this hands-on 2-hour workshop we will learn how a memory corruption bug can be turned into both an RCE and an infoleak bug to bypass ASLR. Students will work with a memory corruption vulnerability in a popular web server and turn it into an infoleak bug.


Memory corruption bugs don't always have to result in arbitrary code execution. Sometimes a memory corruption bug can be put to an entirely different purpose, in this case turning it into an infoleak bug to bypass ASLR.

This workshop demonstrates how to make infoleak bugs appear seemingly out of thin air. Students will work with a 12-year-old vulnerability in a popular web server and turn it into a brand new infoleak bug.

Outline
- Case study of an integer overflow bug in a popular web server.
- Understanding the chain of function calls and frames on the stack.
- Understanding the basis of an infoleak.
- Using GDB to hit-trace black box binaries and analyse the sequence of function calls.
- Diverting the flow of functions after memory corruption to produce meaningful output.
- Populating the output with arbitrary values.
- Leaking the stack pointer address.
- Leaking libc base address.
- Putting the infoleak exploit together.

The case study will be presented for x86 as well as ARM32 binaries.

Theory - 1 hour
Exercise - 1 hour

Students will be provided with a docker container with the necessary debugging and exploit development tools. Students are expected to bring a laptop with a working Docker installation.

Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences such as Black Hat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-Box, DeepSec and others. He has authored two books, "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world, and taking pictures.