How to Survive the Hardware Assisted Control-Flow Integrity Enforcement

Black Hat via YouTube

Overview

Dive deep into Intel Control-flow Enforcement Technology (CET) and its implementation on Windows 10 x64 operating systems in this comprehensive Black Hat conference talk. Explore software-based control-flow integrity enforcement techniques like Microsoft Control Flow Guard (CFG) and Return Flow Guard (RFG). Examine the principles of Intel CET's shadow stack and Indirect Branch Tracking (IBT). Investigate CET implementation on Windows 10, including shadow stack setup and switching. Discover potential methods for achieving control-flow hijacking when CET is enabled, with demonstrations of discussed attacks. Analyze vulnerable code in various scenarios, such as unwind handler hijacking, frame consolidation unwind callback routine hijacking, and thread context hijacking in exception unwind processes. Gain valuable insights into hardware-assisted control-flow integrity enforcement and learn strategies to navigate its challenges.

Syllabus

Intro
Software-based Control-flow Integrity Enforcement - Microsoft Control Flow Guard (CFG)
Software-based Control-flow Integrity Enforcement - Microsoft Return Flow Guard (RFG)
Intel Control-flow Enforcement Technology - The Principle of Shadow Stack
Intel Control-flow Enforcement Technology - The Principle of IBT
Intel CET Implementation on Windows 10 - Shadow Stack Setup in
Intel CET Implementation on Windows 10 - Shadow Stack Switching in SwitchToFiberContext
Control-flow Hijacking and ACE on Windows 10 with CET enabled - Possible Ways to Circumvent CET
Control-flow Hijacking and ACE on Windows 10 with CET enabled - CFG Bypass by Abusing Ldrpwork Mechanism
Control-flow Hijacking and ACE on Windows 10 with CET enabled - Vulnerable Code Analysis of Unwind Handler Hijacking
Control-flow Hijacking and ACE on Windows 10 with CET enabled - Vulnerable Code Analysis of Frame Consolidation Unwind Callback Routine Hijacking
Control-flow Hijacking and ACE on Windows 10 with CET enabled - Vulnerable Code Analysis of Thread Context Hijacking in Exception Unwind Process
Control-flow Hijacking and ACE on Windows 10 with CET enabled - Thread Context Hijacking in Exception Unwind Process

Taught by

Black Hat
