Thinking Outside the JIT Compiler - Understanding and Bypassing StructureID Randomization with Generic and Old-School Methods
Offered By: Black Hat via YouTube
Course Description
Overview
Explore generic methods to bypass StructureID Randomization mitigation in this 22-minute Black Hat conference talk. Delve into new techniques that enable attackers to construct addrOf/fakeObj primitives and gain arbitrary Read/Write abilities. Learn about old-school approaches that differ from bug-specific and JIT compiler-related bypass methods. Gain insights into the design of more effective mitigations as speaker Yong Wang presents these concepts, which have not been thoroughly covered in previous talks. The presentation covers topics such as general bypass techniques, prototype manipulation, layout attacks, and potential problems, concluding with a summary and references for further study.
Syllabus
Introduction
General bypass
Question
Prototype
TruthString
Simple Prototype
Converting
Layout
Attack
Objector
Potential Problem
Summary
References
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network