What would you do if you were given a binary service that contained multiple vulnerabilities and were told you must run and defend that binary for the next 3 days? And oh, by the way, you don’t get root, virtual machines, docker containers, firewall configs, or any other form of privileged access. This is exactly the challenge faced in elite attack/defense capture the flag competitions. Many of the lessons learned from these war-games can reveal new defensive opportunities in real world scenarios. This talk will discuss realistic strategies and techniques available in such a precarious defensive position. We will go far beyond simply finding bugs and patching them in the binary. For example, how might we analyze and filter network traffic without network, firewall, or root access? Could stack frame and heap allocation sizes be patched and why would that matter? How can we limit disk access as a regular user? What can we do to determine if we were exploited? All of these questions will be answered during the talk.
