Capturing 0Day Exploits With Perfectly Placed Hardware Traps

Black Hat via YouTube

Overview

Explore a groundbreaking approach to cybersecurity in this Black Hat conference talk. Delve into a new cross-platform, hardware-assisted Control-Flow Integrity (CFI) method for mitigating control-flow hijack attacks on Intel architecture. Learn how this innovative technique leverages processor-provided features like the Performance Monitoring Unit (PMU) to detect and prevent abnormal branches in real time, effectively blocking exploits before they gain execution. Discover the research methodology, results, and limitations of this approach, including novel solutions to major obstacles such as tracking Windows thread context swapping and configuring PMU interrupt delivery without triggering Microsoft's PatchGuard. Witness real-time demonstrations of preventing weaponized exploits targeting Windows and Linux x86-64 operating systems that typically bypass anti-exploit technologies like Microsoft's EMET tool. Gain insights into the performance impact and real-world applications of this technology, and explore topics such as exploit research, hardware assistance, branch prediction, and control flow integrity. Examine case studies, including double-free JScript and Flash hijack vulnerabilities, and consider future developments in exploit defenses, false positives, call site validation, and applications to microcontroller architectures like ARM.

Syllabus

Intro
Exploit Research
Exploit Phases
Hardware Assistance
Performance Monitoring Unit
Branch Prediction Unit
Branch Prediction Logic
Control Flow Integrity
Control Flow Guard
Real-World Verification
CFI
Research Approach
Comparison
PMU
Intel Manual
The Problem
Cyber Grand Challenge
Real-World Data
Plotting Data
Whitelisting
Whitelist Generation
Callback Registration
Callback Registration Examples
Clearing Interrupts
xAPIC vs x2APIC
Call Registry
Thread Tracking
Window Monitoring
Synchronous Procedure Calls
The Final Solution
The Diagram
Linux
Results
Performance
Metasploit
VirusTotal
Analysis
Case Studies
Double Free JScript
Flash
Hijack
Future work
Exploit defenses
False positives
Call site validation
Microcontroller architectures
ARM

Taught by

Black Hat
