YoVDO

The Power of Data-Oriented Attacks - Bypassing Memory Mitigation Using Data-Only Exploitation Techniques

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Ethical Hacking Courses Control-Flow Integrity Courses

Course Description

Overview

Explore the power of data-oriented attacks in this Black Hat conference talk. Delve into advanced exploitation techniques that bypass memory mitigation measures like Control Flow Integrity (CFI) and Microsoft's Control Flow Guard (CFG). Learn about data-only exploitation methods, including the use of unprotected ret instructions, and understand their potential to circumvent traditional security measures. Examine real-world examples, code demonstrations, and practical applications of these techniques. Gain insights into writable features, ACG (Arbitrary Code Guard), and other relevant flags. Discover how these attacks work, their implications for cybersecurity, and potential countermeasures to enhance system protection against sophisticated memory vulnerabilities.

Syllabus

Introduction
About us
Agenda
Control Flow Guard
No1 Techniques
No1 Code
Demo
Fix
Summary
What is DataOnly Attack
DataOnly Attack Example
Writable Feature
Other Flag
ReadWrite
ACG
Demonstration


Taught by

Black Hat

Related Courses

Enforcing Unique Code Target Property for Control-Flow Integrity
Association for Computing Machinery (ACM) via YouTube
Current Status of RISC-V Security Mechanisms - Nick Kossifidis, FORTH
TheIACR via YouTube
Two-Faces of WASM Security
Security BSides San Francisco via YouTube
Taking Kernel Hardening to the Next Level
Black Hat via YouTube
Mitigating Spectre Attacks Using CFI Informed Speculation
IEEE via YouTube