Write Once, Pwn Anywhere

Presented at Black Hat USA 2014, Aug. 7, 2014, 9 a.m. (60 minutes)

Modern Windows use mitigation techniques such as DEP and ASLR to mitigate exploitation. The combination of ASLR and DEP have been proven to be a solid shield in most cases. Mitigation bypass is always one of the hottest topic in the security community. This presentation contains two kind of new DEP bypass techniques, two kind of new ASLR bypass techniques, and many lesser known exploration skills. These techniques don't need ROP, JIT, third-party plugins or Non-ASLR modules. They are OS-independent, even CPU-independent in some cases. So exploits can easily "Write Once, Pwn Anywhere" now. These techniques are fairly different from traditional exploit technique. So they may also be difficult to detect and identify if you don't know them.

Presenters:

• Yang Yu - Tencent, Inc.
  YANG is Director of Security Lab at Mobile Internet Group of Tencent. He has more than a decade of experience researching and working in the computer security space. He has spoken at many security conferences in the past, on different topics at CanSecWest, HITCon, XCon, and etc. He is also a $100,000 Microsoft Mitigation Bypass bounty winner.

Links:

• https://www.blackhat.com/us-14/archives.html#write-once-pwn-anywhere
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2014/video/Write Once, Pwn Anywhere.mp4
• https://www.youtube.com/watch?v=_z647GBTSlk
• https://www.blackhat.com/docs/us-14/materials/us-14-Yu-Write-Once-Pwn-Anywhere.pdf
• https://www.blackhat.com/docs/us-14/materials/us-14-Yu-Write-Once-Pwn-Anywhere-wp.pdf

Similar Presentations:

• ToorCon San Diego 16 (2014) / EMET 5.0 - armor or curtain?
• 31C3 (2014) / EMET 5.1 - Armor or Curtain?
• DeepSec 2014 „Do you want to know more?“ / Reliable EMET Exploitation