Breaking Payloads With Runtime Code Stripping and Image Freezing


Black Hat via YouTube


Classroom Contents


  1. Intro
  2. Securing Software (is hard!): Software bugs
  3. Exploits and Payloads: Initial stage gains program counter control
  4. Loading the Payload
  5. Breaking the Payload
  6. Remove unused Functionality
  7. "Modern" Software
  8. Adobe Reader DLL Dependencies
  9. Adobe Reader DLL Usage
  10. Viber DLL Usage
  11. Control Flow Graph (CFG)
  12. Code Stripping: DLL CFGs
  13. Code Stripping: mark used code
  14. Code Stripping: remove unused code
  15. Control Flow Recovery
  16. Control Flow Graph Recovery
  17. Kill Files
  18. Kill Node (example 1)
  19. DLL Injection
  20. DLL Preloading: Strip code from dynamically loaded DLLs
  21. Image Freezing
  22. Hook Mem API in User Space
  23. Function Whitelisting: Static analysis is not sufficient
  24. Whitelisting Functions...
  25. CodeFreeze at Runtime
  26. DemoServer.exe: Memory Overhead Unprotected
  27. CodeFreeze Advantages
  28. Current Limitations
  29. Future Work: CFG from the Compiler
