Join us for an evening of fun at this month’s hack::soho taking place 28 November, 6pm – 9pm GMT, set up to be a loose networking environment where cyber security professionals can chat, get some complimentary food & drink, and discuss rising global trends. This month’s hack::soho will feature a talk, ‘Exploring Concurrency Issues in Golang Applications for Fun and Profit’ from Ilja van Sprundel, IOActive Senior Director of Operating Systems Security. The abstract of the talk is below!
hack::soho is a monthly event hosted at our London, UK office for the cybersecurity and hacking community to discuss all things security over food and refreshments. We welcome you to invite others in your circle to extend our collective network.
ABSTRACT
In this presentation, we delve into the intricate world of concurrency in Golang applications. As internet-powered technologies advance, the potential for concurrency-related security vulnerabilities increases, posing significant risks. My presentation, ‘Exploring Concurrency Issues in Golang Applications for Fun and Profit,’ explores the discovery, analysis, and exploitation of these concurrency issues, providing a comprehensive understanding of their implications.
We begin by outlining effective methodologies for identifying concurrency flaws within Golang environments, emphasizing automated tools and manual inspection techniques. Following the discovery phase, we assess the severity and exploitability of these issues through in-depth analysis and real-time demonstrations. A key highlight includes a live demonstration of an exploit, illustrating how seemingly minor concurrency errors can lead to severe security breaches.
The session culminates with actionable advice on best practices for developing robust, concurrency-issue-free Golang code.
Ilja van Sprundel, Senior Director of Operating Systems Security
Ilja van Sprundel is experienced in exploit development and in network and application testing and assessment. As IOActive’s Sr. Director of Operating Systems Security, he primarily performs white-box code reviews and grey-box penetration testing engagements that require customized fuzzing and source code review, identifying system vulnerabilities, and designing custom security solutions for clients in technology development, telecommunications, and financial services. van Sprundel specializes in the assessment of low-level code, having security-reviewed literally millions of lines of code. As a Director, he also functions in a managerial capacity by overseeing penetration testing engagements, providing oversight regarding technical accuracy, serving as the point of contact between technical consultants and technical stakeholders, and ensuring that engagements are delivered on time and in alignment with customers’ expectations. van Sprundel is also responsible for mentoring and guiding Associate-level consultants as they grow both their penetration testing and general consulting skillsets. He is the driver behind the team’s implementation of cutting-edge techniques and tools, guided by both research and successful exploits performed during client engagements.