Static PIE: How and Why

Presented at DerbyCon 6.0 Recharge (2016), Sept. 25, 2016, 1 p.m. (50 minutes).

Self-relocating executables without external dependencies (static PIE) have been an area of interest in embedded systems and defensive security research inside OpenBSD. We will explore how to create these binaries, how they are currently being used in defensive security, and novel offensive applications involving code execution in highly restricted environments. We will then demonstrate a new Metasploit payload that reflectively injects itself into running Linux processes.

Presenters: