Overview
Explore an advanced automated memory layout manipulation technique in this Black Hat conference talk. Learn how attackers can identify system calls tied to objects of interest and automatically assemble them to adjust memory layout for exploitation. Discover the intricacies of the SLAB cache, free vulnerabilities, and challenges in memory manipulation. Follow the roadmap to understand the solution, including victim objects, spray objects, call graphs, and kernel noise. Examine SLAB layout cases, tricks, and problems encountered. Evaluate the technique through demonstrations on the Linux kernel and discuss general mitigation approaches. Gain insights into user perspectives and potential applications of this powerful memory manipulation method.
Syllabus
Introduction
SLAB Cache
Free Vulnerability
Challenges
Roadmap
Solution
Solution Filter
Victim Object
Spray Object
Call Graph
Kernel Noise
SLAB Layout
Case 1 Unoccupied
Case 1 Side Effect
Case 2 Tricks
Case 2 Problem
The Solution
The Third Step
The First Problem
The Third Problem
Evaluation
Demo
Linux Kernel
General Mitigation Approach
Summary
Conclusion
Not the same size
Merge
User Perspective
PA
Taught by
Black Hat