I first got to see Matt Miller speak in person a few Bluehats ago when he was talking about 'Temporal return addresses' . . . ah yes - the talk was entitled "Temporal Chronomancy" according to Mr. Shostack's blog and it was all the way back in 2005. The basic premise behind the talk was that there are various counters / timers etc. that reside in a process's memory space that at specific dates and times become interesting 'op-codes' that can be used by exploit writers to do interesting things . . . IF they performed their exploit at exactly the right time . . . the talk freaking blew my mind . . . it was perhaps the best / most memorable Bluehat talk I've ever seen.
Anyways - I told you that story to set some precedent for this one. Matt Miller works at Microsoft now - on my extended team and he recently spoke again at Bluehat v8 (didn't get to attend sadly) and he delivered a talk on Mitigations Unplugged where he goes into GS / DEP / ASLR etc. etc. You'll have to trust me that these are topics that he's more than qualified to speak about. 🙂 I haven't watched the video yet (it's 45 minutes) but I plan on making some time this week - if you have more free time than me - you should definitely check it out: http://technet.microsoft.com/en-us/security/dd285253.aspx
TIP: Be on the lookout for future blog posts from Matt over on the SVRD blog . . .