The Power of Data-Oriented Attacks

Дата: 08.01.2020. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques

As Control Flow Integrity (CFI) enforcement solutions are widely adapted by major applications, traditional memory vulnerability exploitation techniques aiming to hijack the control flow have become increasingly difficult. For example, Microsoft’s Control Flow Guard (CFG) is an effective CFI solution against traditional memory exploits. However, due to the CFG implementation limitations, we have seen new exploitation techniques such as using the unprotected ret instruction to bypass CFG.

by Bing Sun, Chong Xu and Stanley Zhu

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-17/briefings.html#the-power-of-data-oriented-attacks-bypassing-memory-mitigation-using-data-only-exploitation-techniques

CISO CLUB

Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *