Overview
Explore a groundbreaking method to bypass 64-bit Linux ASLR in this 57-minute Black Hat conference talk. Delve into "return-to-csu," a generic technique that exploits code silently attached to target applications, making it universally applicable. Understand the Linux ASLR landscape, examine the attached code's significance, and learn how to execute controlled calls and build the final attack. Investigate ways to make the return-to-csu attack profitable, discuss potential mitigations and solutions, and gain valuable insights into this innovative security bypass method presented by Hector Marco-Gisbert and Ismael Ripoll.
Syllabus
Intro
Motivation
Overview
Brief of the Linux ASLR
The real battlefield: The attached code
The real battlefield: Why it is attached to the exec?
Return-to-csu: 64-bit ASLR bypass
Return-to-csu: A controlled call
Return-to-csu: Looking for a destination
Return-to-csu: Building the final attack
Making return-to-csu attack profitable
Mitigations and solutions
Conclusions and Black Hat Sound Bytes
Taught by
Black Hat