Automatic Exploitation of Fully Randomized Executables Gadient, Austin; Ortiz, Baltazar; Barrato, Ricardo; Davis, Eli; Perkins, Jeff; Rinard, Martin We present Marten, a new end to end system for automatically discovering, exploiting, and combining information leakage and buffer overflow vulnerabilities to derandomize and exploit remote, fully randomized processes. Results from two case studies high- light Marten’s ability to generate short, robust ROP chain exploits that bypass address space layout randomization and other modern defenses to download and execute injected code selected by an attacker. We present an automated system, Marten, that automatically generates control flow hijacking exploits against fully randomized executables by combining information leakage and buffer overflow exploits.
from Computer Science and Artificial Intelligence Lab (CSAIL) http://bit.ly/2MFt55i
Home » Computer Science and Artificial Intelligence Lab (CSAIL) » Automatic Exploitation of Fully Randomized Executables
mardi 11 juin 2019
Automatic Exploitation of Fully Randomized Executables
lainnya dari Computer Science and Artificial Intelligence CSAIL, Computer Science and Artificial Intelligence Lab (CSAIL)
Ditulis Oleh : Unknown // 11:31
Kategori:
Computer Science and Artificial Intelligence Lab (CSAIL)
Inscription à :
Publier les commentaires (Atom)
0 commentaires:
Enregistrer un commentaire