
Just-In-Time Code Reuse - The More Things Change, the More They Stay the Same

Black Hat via YouTube

Overview

Explore the concept of just-in-time code reuse and its implications for fine-grained address space layout randomization (ASLR) in this Black Hat USA 2013 conference talk. Delve into the design and implementation of a framework that challenges the effectiveness of fine-grained ASLR and simplifies exploit development on platforms combining standard ASLR and DEP. Learn how this novel attack strategy exploits memory disclosure to map application memory layouts, discover API functions and gadgets, and JIT-compile target programs within a script environment. Witness a real-world exploit demonstration against Internet Explorer on Windows 8, and examine extensive evaluations showcasing the practicality of just-in-time code reuse attacks. Gain insights into the potential limitations of fine-grained ASLR as a security measure and consider the implications for future cybersecurity strategies.

Syllabus

Introduction
Address space layout randomization
Fine-grained address space layout randomization
Basic block randomization
JIT-ROP Workflow
Challenges
Mapping Memory
Code Sequences
Combining Gadgets
Improvements
Page Mapping
Application Experiments
Application Experiments Results
Live Demo
Debug Output
Exploit
Redirect execution
More complex code
Current code
Stack pivot
DownloadExec payload
WinExec payload
WinExec redirection
PowerShell
CaffeineBed
Conclusion
Quick fixes
Summary

Taught by

Black Hat
