The Info Leak Era on Software Exploitation

Presented at Black Hat USA 2012, July 25, 2012, 2:15 p.m. (60 minutes)

Previously, and mainly due to application compatibility, ASLR has not been as effective as expected. Nowadays, once some of the problems of fully deploying ASLR have been solved, it has become the key mitigation preventing reliable exploitation of software vulnerabilities. Defeating ASLR is a hot topic in the exploitation world.

During this talk, it will be presented why the other mitigations are not strong ones without ASLR, and why defeating ASLR mostly defeats the rest of them as well. Methods to defeat ASLR have been fixed lately, and the current way to do it is by using information leak vulnerabilities.

During this talk, several techniques will be presented that can be applied to convert vulnerabilities into information leaks:

- Creating an info leak from a partial stack overflow
- Creating an info leak from a heap overflow with heap massaging
- Creating an info leak from an object through non-virtual calls
- Member variables with function pointers
- Write4 pointers
- Freeing the wrong object
- Application-specific info leaks: CVE-2012-0769, the case of the perfect info leak
- Converting an info leak into a UXSS
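The abstract's point is that ASLR only became the key mitigation once it was deployed fully: a single module loaded at a fixed address gives an attacker known addresses without needing any info leak. As an added, defender-side example (not material from the talk or its author), the script below parses the ELF header to tell whether an image is position-independent (e_type == ET_DYN) or loads at a fixed base (ET_EXEC). The sample headers are constructed inline so it runs offline; the `make_header` helper and its field values are assumptions made for the example, not taken from any real binary.

```python
"""Added example (not from the talk): flag ELF executables that were not built
position-independent. One fixed-base module in a process undermines ASLR for
the whole process, so auditing e_type is a cheap deployment check."""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed-address executable: same base every run, no ASLR benefit
ET_DYN = 3    # position-independent image (PIE executable or shared object)


def elf_aslr_status(data: bytes) -> dict:
    """Parse only the ELF header; the first 20 bytes are enough to reach e_type.

    Returns the word size, byte order, raw e_type and a boolean 'pie' telling
    whether the loader can relocate this image to a randomized base.
    Raises ValueError for anything that is not a supported ELF image.
    """
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    ei_class = data[4]   # EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64
    ei_data = data[5]    # EI_DATA:  1 = little endian, 2 = big endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)  # e_type at offset 16
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "e_type": e_type,
        "pie": e_type == ET_DYN,
    }


def check_file(path: str) -> dict:
    """Read the header of an on-disk binary and classify it."""
    with open(path, "rb") as f:
        return elf_aslr_status(f.read(64))


def make_header(e_type: int, bits: int = 64, little: bool = True) -> bytes:
    """Constructed sample ELF header for offline testing (assumption: not a real
    binary, only e_ident, e_type and e_machine are filled in)."""
    ident = (ELF_MAGIC
             + bytes([2 if bits == 64 else 1, 1 if little else 2, 1])  # class, data, version
             + b"\x00" * 9)                                            # OS/ABI + padding
    endian = "<" if little else ">"
    e_machine = 62 if bits == 64 else 3  # EM_X86_64 / EM_386
    return ident + struct.pack(endian + "HH", e_type, e_machine)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        st = check_file(p)
        verdict = "PIE (relocatable)" if st["pie"] else "NOT PIE (fixed base)"
        print(f"{p}: {verdict}, {st['bits']}-bit {st['endian']}-endian")
```

Run it as `python3 check_pie.py /path/to/binary ...` to list which executables still load at a fixed base. Shared objects are ET_DYN by construction, so the check is mainly informative for main executables; it also only tells you the image can be relocated, not that the kernel's ASLR setting is enabled on the host.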
