
Bypassing Control Flow Guard in Windows 10

via YouTube

Overview

Explore advanced techniques for bypassing Control Flow Guard in Windows 10 through this conference talk from Louisville Infosec 2015. Delve into memory corruption, attack prevention strategies, and the intricacies of Control Flow Integrity. Learn about the need for relaxed control flow, performance impacts, and sample programs demonstrating guard checks. Discover security research methodologies, bypass techniques, and the role of Windows operations in coarse-grained protection. Examine VirtualProtect mechanisms, Flash vulnerabilities, and generic bypass methods. Investigate stack desynchronization, the "Jackpot Pattern," and censored slides revealing critical insights. Gain valuable recommendations for enhancing system security and participate in a Q&A session to deepen your understanding of these complex cybersecurity concepts.

Syllabus

Intro
Who are we
Motivation
Limitations
Summary
Memory Corruption
Stop Attacks
Conclusion
Control Flow Integrity
Need for Relaxed Control Flow
Should you use it
What it does
Impact on performance
Sample program
Guard check
Program crash
What does CFG allow
How to do security research
What's the key
How do we bypass
Does it take time
Windows Ops
Coarse Grain
Virtual Protect
Flash
Black Hat
Generic Bypass
Stack Desync
How Did We Get The Tip
The Problem
Desynchronization
Stack Desync
Research
Stack Sinking
Jackpot Pattern
More censored slides
What's interesting
In summary
Recommendations
Questions
