
The Beast is in Your Memory

Black Hat via YouTube

Overview

Explore techniques for bypassing modern control-flow integrity (CFI) mechanisms in this Black Hat conference talk. Delve into an analysis of recently proposed coarse-grained CFI solutions, including kBouncer, ROPGuard, ROPecker, and CFI for COTS binaries. Learn how existing exploits against Windows can be transformed into stealthy attacks that evade detection by Windows EMET and other CFI-based ROP mitigations. Discover how a single 1 MB Windows library, kernel32.dll, yields a Turing-complete gadget set built only from call-preceded gadgets, the gadgets that even the most restrictive coarse-grained policies still permit. Gain insights into runtime attacks, Return-Oriented Programming (ROP), and the evolution of CFI implementations from the original label-based proposal to its coarse-grained successors. Examine the limitations of the coarse-grained proposals and the methodology for constructing exploits that satisfy their policies, including the use of long NOP gadgets to defeat heuristics that look for chains of short instruction sequences. Conclude with a discussion of real-world exploitation and future directions in CFI research.

Syllabus

Intro
Outline
Motivation
Runtime Attacks
Return-Oriented Programming (ROP) - Basic Idea
ROP Adversary Model/Assumptions
ROP Attack Technique: Overview
ROP Attack History - Selected
CFI Implementation based on Labels
Original CFI Proposal: Cons & Pros
Solution Proposals: "Coarse-Grained CFI" - Making CFI practical for real-world deployment
General Idea
Heuristics: Reducing False Negatives
"Coarse-Grained" CFI Proposals
Policy 1: Call-Preceded Return Address
Policy 2: Chain of Short Sequences
Contribution
Taking the Most Restrictive Setting in Coarse-Grained CFI
Our Methodology and Workflow
Turing-Complete Gadget Set in kernel32.dll
Turing-Complete Gadget Set (contd.)
Long NOP Gadget
EMET'S ROP Mitigations
Related Attacks
Real-World Exploitation
Conclusion and Future Work
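The two coarse-grained policies named in the syllabus (Policy 1, call-preceded return addresses; Policy 2, chains of short sequences) and the long NOP gadget used to defeat them, as described in the overview, can be simulated in a few dozen lines. The following Python block is an added example and is not code from the talk or its authors: it models a kBouncer-style checker over a constructed 256-byte x86 code image and a constructed gadget trace. The thresholds (20 instructions per "short" sequence, 8 short sequences in a row), the load address, the gadget addresses and the two call encodings recognised by the call-preceded check are all assumptions of the simulation; real checkers recognise more call forms and inspect the real branch-record history.

```python
"""Simulation of two coarse-grained CFI policies and of a ROP chain that slips
past both. Added example with constructed data, not code from the talk."""
from dataclasses import dataclass
from typing import List

# Detection thresholds assumed for this simulation, in the style of kBouncer:
# a "short" gadget executes <= 20 instructions before its next indirect branch,
# and 8 short gadgets in a row are treated as a ROP chain.
SHORT_SEQ_MAX_INSNS = 20
CHAIN_FLAG_LEN = 8

BASE = 0x10000000  # assumed load address of the constructed code image

CALL_REL32 = 0xE8  # 'call rel32' (5 bytes)
CALL_RM32 = 0xFF   # 'call r/m32'; ModRM 0xD0..0xD7 is a 2-byte 'call reg'


def build_image() -> bytes:
    """Constructed 256-byte x86 code image: nops everywhere except a few planted
    call instructions, whose successor addresses become call-preceded."""
    img = bytearray(b"\x90" * 256)
    img[0x1B:0x20] = b"\xe8\x00\x00\x00\x00"  # call rel32 -> 0x20 is call-preceded
    img[0x3E:0x40] = b"\xff\xd0"              # call eax   -> 0x40 is call-preceded
    img[0x5B:0x60] = b"\xe8\x00\x00\x00\x00"  # call rel32 -> 0x60 is call-preceded
    img[0x7E:0x80] = b"\xff\xd1"              # call ecx   -> 0x80 is call-preceded
    return bytes(img)


IMAGE = build_image()


def is_call_preceded(image: bytes, addr: int, base: int = BASE) -> bool:
    """Policy 1: a return target must directly follow a call instruction.
    Only the two call encodings planted above are recognised (assumption)."""
    off = addr - base
    if off >= 5 and image[off - 5] == CALL_REL32:
        return True
    if off >= 2 and image[off - 2] == CALL_RM32 and 0xD0 <= image[off - 1] <= 0xD7:
        return True
    return False


@dataclass(frozen=True)
class Gadget:
    addr: int     # address a 'ret' transfers control to
    n_insns: int  # instructions executed before the gadget's own indirect branch
    name: str


def check_trace(trace: List[Gadget], image: bytes = IMAGE, base: int = BASE) -> List[str]:
    """Apply both policies to a sequence of return targets as a kBouncer-style
    checker would see them; an empty result means the chain goes undetected."""
    violations: List[str] = []
    short_run = 0
    for g in trace:
        if not is_call_preceded(image, g.addr, base):
            violations.append(f"policy1: {g.name} @ {g.addr:#x} is not call-preceded")
        if g.n_insns <= SHORT_SEQ_MAX_INSNS:
            short_run += 1
            if short_run == CHAIN_FLAG_LEN:  # Policy 2: chain of short sequences
                violations.append(f"policy2: {CHAIN_FLAG_LEN} short gadgets in a row, ending at {g.name}")
        else:
            short_run = 0  # a long gadget breaks the chain
    return violations


# Classic chain: unaligned gadgets that are neither call-preceded nor long.
NAIVE_CHAIN = [Gadget(BASE + 0x11, 3, "pop eax; ret"),
               Gadget(BASE + 0x33, 2, "xchg eax, esp; ret")] * 5

# Chain built only from call-preceded gadgets: passes Policy 1 but, being short, trips Policy 2.
CP_CHAIN = [Gadget(BASE + 0x20, 4, "cp-gadget-A"),
            Gadget(BASE + 0x40, 6, "cp-gadget-B"),
            Gadget(BASE + 0x80, 5, "cp-gadget-C")] * 3

# Call-preceded gadget with many side-effect-free instructions, used to break up the chain.
LONG_NOP = Gadget(BASE + 0x60, 41, "long-nop")


def with_long_nop(chain: List[Gadget], every: int = CHAIN_FLAG_LEN - 1) -> List[Gadget]:
    """Insert LONG_NOP before a run of short gadgets can reach the flag length."""
    out: List[Gadget] = []
    for i, g in enumerate(chain, start=1):
        out.append(g)
        if i % every == 0:
            out.append(LONG_NOP)
    return out


if __name__ == "__main__":
    for label, chain in (("naive", NAIVE_CHAIN), ("call-preceded", CP_CHAIN),
                         ("call-preceded + long NOP", with_long_nop(CP_CHAIN))):
        print(f"{label}: {check_trace(chain) or 'undetected'}")
```

The naive chain is caught twice over (ten non-call-preceded targets plus one chain-of-short-sequences hit), the call-preceded chain survives Policy 1 but is caught by Policy 2 on its eighth gadget, and the same chain with a long NOP gadget inserted every seven gadgets produces no violation at all. That last case is the talk's point: once the attacker restricts the gadget set to call-preceded sequences and pads the chain with long, side-effect-free gadgets, both heuristics stop seeing anything, and the talk reports that kernel32.dll alone supplies enough such gadgets for Turing-complete computation.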

Taught by

Black Hat
