Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting Adobe Flash Player in the Era of Control Flow Guard

Black Hat via YouTube

Overview

Explore advanced exploitation techniques for Adobe Flash Player in the context of Control Flow Guard (CFG) protection. Delve into the challenges posed by CFG implementation on Windows 8.1 and Windows 10, and discover innovative approaches to bypass this security measure. Learn about leveraging the Flash Player's JIT compiler to circumvent CFG, and understand the subsequent hardening measures implemented by Microsoft and Adobe. Examine three practical data-only attacks that avoid CFG restrictions, including a method to execute arbitrary commands without shellcode or ROP. Gain insights into the difficulties of detecting and protecting against these sophisticated data-only attacks. While focusing on Flash Player vulnerabilities, acquire knowledge of techniques applicable to exploiting other software on CFG-enabled systems.

Syllabus

Intro
Agenda
Overview of CFG
CVE-2015-0311 Overview
Control flow hijacking attempt detected!
Approaches
Flash JIT compiler
Leveraging the JIT compiler to bypass CFG
Current status
JIT hardening
Data-only attacks: related work
The Security Settings object
Gaining (unauthorized) access to the camera & mic
From Remote sandbox to Local Trusted sandbox
Executing commands without shellcode nor ROP
Crafted state
Thank you!

Taught by

Black Hat

Reviews

Start your review of Exploiting Adobe Flash Player in the Era of Control Flow Guard

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.