Bypass Control Flow Guard Comprehensively

Presented at Black Hat USA 2015, Aug. 6, 2015, 12:10 p.m. (50 minutes).

Control Flow Guard (CFG) is an exploit mitigation technique that Microsoft enabled in Windows 8.1 Update 3 and the Windows 10 Technical Preview. CFG checks the target of each indirect call and raises an exception if the target is invalid, thus blocking a step that many exploit techniques depend on.

This talk analyses the weak point of CFG and presents a new technique that bypasses CFG comprehensively, making the exploit techniques it blocks usable again. Furthermore, the technique is built on a generic capability, so further exploit techniques can be developed from that capability.
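To make the mechanism the abstract describes concrete, here is an added toy model of a CFG-style check (example code, not the talk's or Microsoft's implementation): a small table of registered entry points stands in for the per-process CFG bitmap, and an indirect call is dispatched only if its target is in that table. All function names and the table layout are assumptions.

```c
/* Added toy model of a CFG-style check (not the talk's or Microsoft's code):
 * a table of registered entry points stands in for the per-process CFG
 * bitmap, and a rejected target returns failure instead of fast-failing. */
#include <stddef.h>
typedef int (*handler_fn)(int);

/* Simulated bitmap: entry points the compiler marked as valid indirect targets. */
#define MAX_TARGETS 8
static handler_fn g_valid_targets[MAX_TARGETS];
static size_t g_num_targets;

static void cfg_register_target(handler_fn fn) {
    if (g_num_targets < MAX_TARGETS)
        g_valid_targets[g_num_targets++] = fn;
}

/* The guard check: is this exact address a registered function entry? */
int cfg_check_target(handler_fn target) {
    for (size_t i = 0; i < g_num_targets; i++)
        if (g_valid_targets[i] == target)
            return 1;
    return 0;
}

/* Guarded indirect call: the check runs before every dispatch. Returns 0 and
 * leaves *result untouched when rejected (real CFG fast-fails the process). */
int guarded_call(handler_fn target, int arg, int *result) {
    if (!cfg_check_target(target))
        return 0;
    *result = target(arg);
    return 1;
}

static int double_it(int x) { return 2 * x; }         /* intended callback */
static int never_indirect(int x) { return x + 1000; } /* never a valid target */

/* Registered target: the check passes and the call goes through (42). */
int demo_valid_call(void) {
    int out = -1;
    g_num_targets = 0;
    cfg_register_target(double_it);
    return guarded_call(double_it, 21, &out) ? out : -1;
}

/* Function pointer overwritten with an unregistered address: refused (0). */
int demo_invalid_call(void) {
    int out = -1;
    g_num_targets = 0;
    cfg_register_target(double_it);
    return guarded_call(never_indirect, 21, &out);
}
```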


Presenters:

  • Yunhai Zhang - NSFOCUS
    Yunhai Zhang is a security researcher on the NSFOCUS security team. He has worked in computer security for 10 years and won the Microsoft Mitigation Bypass Bounty in 2014.
