IOActive's IOAsis - Horseshoe Las Vegas

Mastering Golang: Unleashing the Power and Perils (mostly perils) of Concurrency | Ilja Van Sprundel

August 10 | 4:00pm - 5:00pm

 

ABSTRACT:

In this presentation, we delve into the intricate world of concurrency in Golang applications. As internet-powered technologies advance, the potential for concurrency-related security vulnerabilities increases, posing significant risks. My presentation, 'Exploiting concurrency issues in Golang applications for fun and profit', explores the discovery, analysis, and exploitation of these concurrency issues, providing a comprehensive understanding of their implications.

We begin by outlining effective methodologies for identifying concurrency flaws within Golang environments, emphasizing automated tools and manual inspection techniques. Following the discovery phase, we assess the severity and exploitability of these issues through in-depth analysis and real-time demonstrations. A key highlight includes a live demonstration of an exploit, illustrating how seemingly minor concurrency errors can lead to severe security breaches.

The session culminates with actionable advice on best practices for developing robust, concurrency-issue-free Golang code.

Ilja Van Sprundel, Senior Director of Operating Systems

Ilja van Sprundel is experienced in exploit development, OS security, and network and application testing. As IOActive's Senior Director of Operating Systems Security, he primarily performs gray-box penetration testing engagements on mobile (specializing in iOS) and runtime (specializing in Windows kernel) applications that require customized fuzzing and source code review, identifying system vulnerabilities and designing custom security solutions for clients in technology development, telecommunications, and financial services.

He specializes in the assessment of low-level kernel code and architecture/infrastructure design, having performed security reviews of literally hundreds of thousands of lines of code. However, as a Director, he also functions in a managerial capacity by overseeing penetration testing engagements, providing oversight regarding technical accuracy, serving as the point of contact between technical consultants and technical stakeholders, and ensuring that engagements are delivered on time and in alignment with customers' expectations.

Ilja is also responsible for mentoring and guiding Associate-level consultants as they grow both their penetration testing and general consulting skillsets. He is the driver behind the team's implementation of cutting-edge techniques and tools, guided by both research and successful exploits performed during client engagements.

Ilja won the 21c3 Stack Smashing contest and is a member of the Netric security research group. He is also an ongoing and regular contributor to the security industry's knowledge base through numerous publications and many important security advisories.

 
