The Info Leak Era Software Exploitation

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=n_5dq27dZGE


Duration: 50:46
5 views
0

Previously, and mainly due to application compatibility. ASLR has not been as effective as it has been expected. Nowadays, once some of the problems to fully deploy ASLR has been solved, it has become the key mitigation preventing reliable exploitation of software vulnerabilities. Defeating ASLR is a hot topic in the exploitation world.

During this talk, it will be presented why other mitigations without ASLR are not strong ones and why if you defeat ASLR you mainly defeat the rest of them. Methods to defeat ASLR had been fixed lately and the current way for this is using information leak vulnerabilities.

During this talk it will be presented several techniques that could be applied to convert vulnerabilities into information leaks:

Creating an info leak from a partial stack overflow
Creating an info leak from a heap overflow with heap massaging
Creating an info leak from an object though non virtual calls
Member variables with function pointers
Write4 pointers
Freeing the wrong object
Application specific info leaks: CVE-2012-0769, the case of the perfect info leak
Converting an info leak into an UXSS
Presented By:
Fermin J. Serna
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-31We have you by the Gadgets
2021-12-31Torturing OpenSSL
2021-12-31Probing The Mobile Operating Networks
2021-12-31Find Me in your Database
2021-12-31Digging Deep into the Flash Sandboxes
2021-12-31The Big Picture
2021-12-31SQL Injections
2021-12-31File Disinfection Framework Striking back at the Polymorphic Viruses
2021-12-31Easy Local Windows Kernel Exploitation
2021-12-31Blended Threats and JavaScript: a plan for permanent network compromise
2021-12-31The Info Leak Era Software Exploitation
2021-12-31How many bricks does it take to Crack a Microcell?
2021-12-31Windows 7 Phone Hacking & Exploitation
2021-12-31The Christopher Columbus Rule and DHS
2021-12-31Web Tracking for You
2021-12-31Smashing the Furure for Fun & Profit Presented By:Jeff Moss Bruce Schneier Adam Shostack
2021-12-31Recent Java Exploitation Trends and Malware
2021-12-31Are you my type? : Breaking NET Sandboxes through serialization
2021-12-31Changing the Security Paradigm... Taking back your network and bringing pain to the adversary
2021-12-30There's a party at ring0 Tavis Ormandy, Julien Tinnes
2021-12-30Ushering in the post GRC world applied threat modeling Alex Hutton, Allison Miller


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Fermin J. Serna