XOM-Switch - Hiding Your Code from Advanced Code Reuse Attacks in One Shot

Explore XOM-switch, a security tool enabling Execute-Only Memory (XOM) on deployed Linux applications using Protection Key Unit (PKU) technology, in this Black Hat conference talk. Learn how to implement end-to-end protection for Linux applications without source code or heavyweight binary rewriting. Discover the tool's approach to hiding code from advanced code reuse attacks, its implementation in the PC market, and potential implications for cybersecurity. Delve into topics such as script-based threats, obfuscation techniques, encryption methods, and ways to detect obfuscators. Examine the Architecture and Memory Scanning Interface (AMSI), its supported vendors, enumerations, functions, and architecture. Gain insights into building a provider, scan dispatching, and methods for bypassing AMSI. Explore implementation flaws, COM server hijacking, missing DLL issues, and fundamental challenges in cybersecurity. Conclude with a discussion on one-liner solutions and their impact on application security.

Intro
blackhat Overview
blackhat Script Based Threats
blackhat Obfuscation
black hat The Cat and Mouse Game
black hat Encryption
black hat Detect the Obfuscators
black hat AMSI - Supported Vendors
black hat AMSI - Enumerations
black hat AMSI - Functions
black hat AMSI - Architecture
black hat Building a Provider
blackhat Scan Dispatching
black hat Bypassing AMSI
blackhat Implementation Flaws
black hat COM Server Hijacking
blackhat Missing DLL
black hat AmsiEnable Bypass
blackhat Implementation Issues
black hat Fundamental Issues
blackhat One Liner