YoVDO

Thinking Outside the JIT Compiler - Understanding and Bypassing StructureID Randomization with Generic and Old-School Methods

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Exploit Development Courses Vulnerability Research Courses

Course Description

Overview

Explore generic methods to bypass StructureID Randomization mitigation in this 22-minute Black Hat conference talk. Delve into new techniques that enable attackers to construct addrOf/fakeObj primitives and gain arbitrary Read/Write abilities. Learn about old-school approaches that differ from bug-specific and JIT compiler-related bypass methods. Gain insights into the design of more effective mitigations as speaker Yong Wang presents these concepts, which have not been thoroughly covered in previous talks. The presentation covers topics such as general bypass techniques, prototype manipulation, layout attacks, and potential problems, concluding with a summary and references for further study.

Syllabus

Introduction
General bypass
Question
Prototype
TruthString
Simple Prototype
Converting
Layout
Attack
Objector
Potential Problem
Summary
References


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube