This presentation is intended to give the viewer insight into an approach to the vulnerability discovery and exploitation process. I'll cover a memory disclosure vulnerability and a stack-based buffer overflow I discovered that together can be abused to bypass stack cookies (/GS), SafeSEH (/SAFESEH), full process Address Space Layout Randomization (ASLR, /DYNAMICBASE) and High Entropy ASLR (HEASLR), Data Execution Prevention (DEP), Structured Exception Handler Overwrite Protection (SEHOP), and the Enhanced Mitigation Experience Toolkit 4.0 (EMET) to gain reliable code execution against a multitude of platforms, but with a focus on achieving reliability against Windows 8 x64.