Paging All Hackers: Virtual Memory Attacks

Presented at CactusCon 11 (2023), Jan. 28, 2023, 11 p.m. (60 minutes).

Memory paging is a foundational technology in modern computing environments, and a thorough understanding is a critical tool in any exploit developer’s toolkit. In this talk, we’ll explore paging from the ground up, building an awareness of the abundance of OS-level technologies that are enabled by paging. This understanding will serve us while covering approaches to exploitation, as well as while covering notable security attacks both relying on paging tricks and exploiting them. We’ll examine paging’s role in advanced security features such as ASLR and authenticated pointers, as well as how paging infrastructure and its guarantees can be abused or circumvented by an attacker to gain remote code execution. We will also demonstrate several novel attacks on-stage, with an approachable explanation of exactly how we’re managing to carry out these attacks.

Presenters:

  • Phillip Tennen - Lead Engineer at Data Theorem
    Phillip Tennen is a lead engineer at Data Theorem and card-carrying operating systems nerd. His areas of interest include automated binary analysis, binary file formats, and building low-level systems. Building on top of his foundation as an iOS tweak developer, he plays a key role in Data Theorem's automated app analysis pipeline. He enjoys the piano and all varieties of dexterity games.
