Exploits & Mitigations - Memory Corruption Techniques
Cysinfo Cyber Security Community
1. Exploits and Mitigations: Memory Corruption Techniques
Sameer Patil, CysInfo

2. Topics to cover
• Stack bof, DEP
• ROP attacks and Mitigations
• Heap Spray
• Abusing vptrs
• Use After Free
• Flash exploitations
• Heap Memory Management
• Mitigations

3. Virtual Memory Mapping

4. Stack BOF
• EIP overwrite
• Mitigation -> DEP

5. ROP Attack
• Defeat DEP
• Shifting the stack location
• Chain of small gadgets
Stack Pivot

6. ROP Attack
CODE                               ACTION
0x02010000: pop eax; ret           eax = 1
...
0x02010020: pop ebx; ret           ebx = 2
...
0x02010030: add eax, ebx; ret      eax = eax + ebx
...

7. ROP Mitigations
• ASLR
• Stack limit check during API call (caller check)
• API call using retn instruction
• SimExecFlow
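An added example, not taken from the slides: a toy C emulator that runs the three gadgets from slide 6 off a stack image and applies the call-preceded return test that kBouncer-style checkers use. The byte encodings, the call site at offset 0x40, the zero end marker, and all function and variable names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODE_BASE 0x02010000u          /* gadget base address from slide 6 */
#define CODE_SIZE 0x50u
#define LEGIT_RET (CODE_BASE + 0x45u)  /* constructed: return site of a real call */

/* Constructed code image: the slide's gadgets as x86 bytes, plus one call. */
static const uint8_t code[CODE_SIZE] = {
    [0x00] = 0x58, 0xC3,                    /* pop eax; ret      */
    [0x20] = 0x5B, 0xC3,                    /* pop ebx; ret      */
    [0x30] = 0x01, 0xD8, 0xC3,              /* add eax, ebx; ret */
    [0x40] = 0xE8, 0x00, 0x00, 0x00, 0x00,  /* call rel32        */
};

/* Constructed stack image as left behind by an overflow; 0 ends the run. */
static const uint32_t slide_chain[] = {
    0x02010000u, 1, 0x02010020u, 2, 0x02010030u, 0,
};

struct cpu { uint32_t eax, ebx; int rets, flagged; };

/* A legitimate return lands directly after a call instruction. */
static int call_preceded(uint32_t addr) {
    if (addr < CODE_BASE || addr >= CODE_BASE + CODE_SIZE) return 0;
    uint32_t off = addr - CODE_BASE;
    if (off >= 5 && code[off - 5] == 0xE8) return 1;       /* call rel32 */
    if (off >= 2 && code[off - 2] == 0xFF &&
        (code[off - 1] & 0xF8) == 0xD0) return 1;          /* call reg   */
    return 0;
}

/* Emulate ret-driven execution. Returns 0 on a clean end, -1 on a fault. */
static int run_chain(const uint32_t *stack, size_t words, struct cpu *c) {
    size_t sp = 0;
    memset(c, 0, sizeof *c);
    while (sp < words) {
        uint32_t eip = stack[sp++];              /* ret pops the next target */
        if (eip == 0) return 0;
        if (eip < CODE_BASE || eip >= CODE_BASE + CODE_SIZE) return -1;
        c->rets++;
        if (!call_preceded(eip)) c->flagged++;   /* what the checker reports */
        uint32_t off = eip - CODE_BASE;
        while (off < CODE_SIZE && code[off] != 0xC3) {
            uint8_t op = code[off];
            if (op == 0x58 || op == 0x5B) {      /* pop eax / pop ebx */
                if (sp >= words) return -1;
                if (op == 0x58) c->eax = stack[sp++];
                else            c->ebx = stack[sp++];
                off += 1;
            } else if (op == 0x01 && off + 1 < CODE_SIZE && code[off + 1] == 0xD8) {
                c->eax += c->ebx;                /* add eax, ebx */
                off += 2;
            } else {
                return -1;                       /* instruction not modelled */
            }
        }
        if (off >= CODE_SIZE) return -1;         /* ran off the image */
    }
    return -1;                                   /* no end marker */
}

int main(void) {
    struct cpu c;
    int rc = run_chain(slide_chain, sizeof slide_chain / sizeof slide_chain[0], &c);
    printf("rc=%d eax=%u ebx=%u rets=%d flagged=%d\n",
           rc, (unsigned)c.eax, (unsigned)c.ebx, c.rets, c.flagged);
    printf("legit return site call-preceded: %d\n", call_preceded(LEGIT_RET));
    return 0;
}
```

Every return in the chain is flagged because none of the gadget addresses follows a call instruction, while the constructed return site at offset 0x45 passes the same test.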

8. Heap Spray
• Introduced by SkyLined
• Overwrite EIP
• Payload -> NOP + shellcode

9. Virtual Functions and vptrs

10. Abusing vptrs

11. Use after Free
• Dangling pointer
• AddRef() to keep count of direct references
• Vulnerability: replace object with another object

12. Flash Exploitation (CVE-2014-1776)
ROP chain

13. Heap Memory Management
• Front-End Allocators
  – LookAside Lists
  – Low Fragmentation Heap
• Back End Allocator
  – FreeLists

14. Mitigations
• Isolated Heap
• MemoryProtect
• Vector and bytearray objects hardening
• ROP mitigations

15. References
• Mechanism behind IE CVE-2014-1776
• Heap Feng Shui in JavaScript
• UBIQUITOUS FLASH, UBIQUITOUS EXPLOITS
• kBouncer: Efficient and Transparent ROP Mitigation
• Bypassing EMET 4.1

16. Thank You!