The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
As Control Flow Integrity (CFI) enforcement solutions are widely adopted by major applications, traditional memory-vulnerability exploitation techniques that aim to hijack the control flow have become increasingly difficult. For example, Microsoft’s Control Flow Guard (CFG) is an effective CFI solution against traditional memory exploits. However, because of limitations in the CFG implementation, we have seen new exploitation techniques, such as using the unprotected ret instruction to bypass CFG.
by Bing Sun, Chong Xu and Stanley Zhu
Full Abstract & Presentation Materials: https://www.blackhat.com/asia-17/briefings.html#the-power-of-data-oriented-attacks-bypassing-memory-mitigation-using-data-only-exploitation-techniques