Mateusz “j00ru” Jurczyk
Mateusz is a big fan of memory corruption. His main areas of interest are client software security, vulnerability exploitation and mitigation techniques, and delving into the darkest corners of low-level kernel internals with a very strong emphasis on Microsoft Windows. He is currently working as an Information Security Engineer at Google.
Beyond MOV ADD XOR – the unusual and unexpected in x86.
Intel x86 and the derived AMD64 architecture families are by far the most widespread and commonly known ones, powering millions and millions of desktop PCs, server racks and even some mobile devices. Although understanding low-level X86 assembly code has been subject to extensive study by hobbyists, professional reverse engineers and exploit developers alike, the research typically covers only a small subset of both instruction set and features the architecture has to offer. In this presentation, we will address numerous interesting, often security-relevant tidbits, unpopular features and unusual behaviors that we have came across during our journey through the manuals, books and research papers, as well as our own experience. Basic knowledge of x86 assembly and its execution environment is highly recommended.