Capturing 0Day Exploits With Perfectly Placed Hardware Traps
Offered By: Black Hat via YouTube
Course Description
Overview
This Black Hat conference talk presents a cross-platform, hardware-assisted Control-Flow Integrity (CFI) method for mitigating control-flow hijack attacks on Intel x86-64. The technique uses a feature the processor already provides, the Performance Monitoring Unit (PMU), to trap abnormal branches in real time, so that hijacked control flow is caught before the exploit's payload gains execution. The talk covers the research methodology, results and limitations, including the solutions found for two major obstacles: tracking Windows thread context switches, and configuring PMU interrupt delivery without triggering Microsoft's PatchGuard. Live demonstrations show the technique stopping weaponized exploits against Windows and Linux x86-64 that bypass anti-exploit tools such as Microsoft's EMET. The talk also discusses performance overhead and real-world applicability, walks through case studies (a double-free JScript bug and a Flash hijack), and closes with future work on exploit defenses, false positives, call-site validation, and microcontroller architectures such as ARM.
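The syllabus lists whitelisting and call-site validation as the checks applied once the PMU has trapped a suspicious branch. As an added illustration (this is not the speakers' code; the talk's actual PMU programming, kernel-mode interrupt handling and thread tracking are not reproduced here), the following C program shows what those two checks can look like when lifted into user space and run over a constructed byte buffer: an indirect-call target is accepted only if it is a known function entry point, and a return target is accepted only if the bytes immediately before it decode as an x86-64 CALL instruction. The whitelist, the code bytes and the base address are constructed sample data; the decoder handles only the E8 rel32 and FF /2 CALL encodings.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { BR_INDIRECT_CALL, BR_RETURN } branch_kind;
typedef enum { VERDICT_OK = 0, VERDICT_BAD_CALL_TARGET, VERDICT_BAD_RET_TARGET } verdict;

/* Policy a PMI handler would consult: sorted function entry points and the
 * mapped text it may read. Both are constructed sample data here. */
typedef struct {
    const uint64_t *whitelist; size_t n_whitelist;
    const uint8_t *code; size_t code_len; uint64_t code_base;
} policy;

/* Length of a near CALL that would start at code[p], or 0 if none does.
 * Handles E8 rel32 and FF /2 (call r/m64) with an optional REX prefix. */
static size_t call_len_at(const uint8_t *code, size_t len, size_t p)
{
    size_t n = 0;
    if (p >= len) return 0;
    if (code[p] == 0xE8) return (p + 5 <= len) ? 5 : 0;
    if ((code[p] & 0xF0) == 0x40) n = 1;                 /* REX prefix */
    if (p + n + 1 >= len || code[p + n] != 0xFF) return 0;
    uint8_t modrm = code[p + n + 1];
    unsigned mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (reg != 2) return 0;                               /* FF /2 only */
    n += 2;                                               /* opcode + ModRM */
    if (mod == 3) return n;                               /* call reg */
    if (rm == 4) {                                        /* SIB follows */
        if (p + n >= len) return 0;
        if (mod == 0 && (code[p + n] & 7) == 5) n += 4;  /* no base: disp32 */
        n += 1;
    } else if (mod == 0 && rm == 5) {
        n += 4;                                           /* [rip+disp32] */
    }
    if (mod == 1) n += 1;
    if (mod == 2) n += 4;
    return (p + n <= len) ? n : 0;
}

/* Call-site validation: does some CALL encoding end exactly at offset off? */
static bool call_preceded(const uint8_t *code, size_t len, size_t off)
{
    if (off > len) return false;
    for (size_t k = 2; k <= 8 && k <= off; k++)           /* 8 = REX+FF+ModRM+SIB+disp32 */
        if (call_len_at(code, off, off - k) == k) return true;
    return false;
}

static bool in_whitelist(const uint64_t *wl, size_t n, uint64_t addr)
{
    size_t lo = 0, hi = n;
    while (lo < hi) {                                     /* binary search, wl sorted */
        size_t mid = lo + (hi - lo) / 2;
        if (wl[mid] == addr) return true;
        if (wl[mid] < addr) lo = mid + 1; else hi = mid;
    }
    return false;
}

/* The decision a trap handler would make for one retired branch. */
static verdict validate_branch(const policy *pol, branch_kind kind, uint64_t target)
{
    if (kind == BR_INDIRECT_CALL)
        return in_whitelist(pol->whitelist, pol->n_whitelist, target)
               ? VERDICT_OK : VERDICT_BAD_CALL_TARGET;
    if (target < pol->code_base || target - pol->code_base > pol->code_len)
        return VERDICT_BAD_RET_TARGET;                    /* return into unmapped text */
    return call_preceded(pol->code, pol->code_len, (size_t)(target - pol->code_base))
           ? VERDICT_OK : VERDICT_BAD_RET_TARGET;
}

/* Constructed sample text, assumed mapped at 0x401000. */
static const uint8_t CODE[] = {
    0x90,                               /* +0:  nop                          */
    0xE8, 0x10, 0x00, 0x00, 0x00,       /* +1:  call rel32     -> ret at +6  */
    0xFF, 0xD0,                         /* +6:  call rax       -> ret at +8  */
    0x41, 0xFF, 0xD2,                   /* +8:  call r10       -> ret at +11 */
    0xFF, 0x15, 0x00, 0x00, 0x00, 0x00, /* +11: call [rip+0]   -> ret at +17 */
    0xC3,                               /* +17: ret                          */
    0x5F,                               /* +18: pop rdi  (ROP gadget start)  */
    0xC3,                               /* +19: ret                          */
};
static const uint64_t WHITELIST[] = { 0x401000, 0x401040, 0x4010a0 }; /* constructed */
static const policy SAMPLE = { WHITELIST, 3, CODE, sizeof CODE, 0x401000 };

int main(void)
{
    static const char *names[] = { "ok", "bad call target", "bad return target" };
    uint64_t ret_targets[] = { 0x401006, 0x401011, 0x401012 };
    printf("call 0x401040: %s\n", names[validate_branch(&SAMPLE, BR_INDIRECT_CALL, 0x401040)]);
    printf("call 0x401044: %s\n", names[validate_branch(&SAMPLE, BR_INDIRECT_CALL, 0x401044)]);
    for (size_t i = 0; i < 3; i++)
        printf("ret  0x%llx: %s\n", (unsigned long long)ret_targets[i],
               names[validate_branch(&SAMPLE, BR_RETURN, ret_targets[i])]);
    return 0;
}
```

The last return target, 0x401012, lands on the `pop rdi; ret` gadget and is rejected because the byte before it is a `ret`, not a call; the others follow genuine calls and pass. The limitation the talk's future-work items on false positives and call-site validation point at is visible here too: a call-preceded check accepts any address that happens to follow a CALL, so gadgets ending in call-preceded returns survive it, while JIT-emitted or hand-written code that returns to addresses not preceded by a call is flagged. A deployable handler needs the whitelist generated from the actual loaded modules and explicit exceptions for such code.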
Syllabus
Intro
Exploit Research
Exploit Phases
Hardware Assistance
Performance Monitoring Unit
Branch Prediction Unit
Branch Prediction Logic
Control Flow Integrity
Control Flow Guard
Real-World Verification
CFI
Research Approach
Comparison
PMU
Intel Manual
The Problem
Cyber Grand Challenge
Real-World Data
Plotting Data
Whitelisting
Whitelist Generation
Callback Registration
Callback Registration Examples
Clearing Interrupts
xAPIC vs x2APIC
Call Registry
Thread Tracking
Window Monitoring
Synchronous Procedure Calls
The Final Solution
The Diagram
Linux
Results
Performance
Metasploit
VirusTotal
Analysis
Case Studies
Double Free JScript
Flash
Hijack
Future work
Exploit defenses
False positives
Call site validation
Microcontroller architectures
ARM
Taught by
Black Hat
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)