Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Just-In-Time Code Reuse - The More Things Change, the More They Stay the Same

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the concept of just-in-time code reuse and its implications for fine-grained address space layout randomization (ASLR) in this Black Hat USA 2013 conference talk. Delve into the design and implementation of a framework that challenges the effectiveness of fine-grained ASLR and simplifies exploit development on platforms combining standard ASLR and DEP. Learn how this novel attack strategy exploits memory disclosure to map application memory layouts, discover API functions and gadgets, and JIT-compile target programs within a script environment. Witness a real-world exploit demonstration against Internet Explorer on Windows 8, and examine extensive evaluations showcasing the practicality of just-in-time code reuse attacks. Gain insights into the potential limitations of fine-grained ASLR as a security measure and consider the implications for future cybersecurity strategies.

Syllabus

Introduction
Addressspace layout randomization
Finegrained addressspace layout randomization
Basic block randomization
JIT Rot Workflow
Challenges
Mapping Memory
Code Sequences
Combining Gadgets
Improvements
Page Mapping
Application Experiments
Application Experiments Results
Live Demo
Debug Output
Exploit
Redirect execution
More complex code
Current code
Stack pivot
DownloadExec payload
WinExec payload
WinExec redirection
PowerShell
CaffeineBed
Conclusion
Quick fixes
Summary

Taught by

Black Hat

Reviews

Start your review of Just-In-Time Code Reuse - The More Things Change, the More They Stay the Same

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.