Downloads & Free Reading Options - Results

To fight against prevalent cyber threat, more mechanisms to protect operating systems have been proposed. Specifically, approaches like DEP, ASLR, and RELRO are frequently applied on Linux to hinder memory corruption vulnerabilities. In other words, it is more difficult for adversaries to exploit bugs to undermine the system security. In this session, we will propose a new attack technique that exploits the FILE structure in GNU C Library (Glibc), and introduce how to circumvent the protection adopted by modern operating systems. We will demonstrate techniques to break data protections and launch remote code execution. Moreover, we explore the methodology to utilize different FILE structures for attack – the so called File Stream Oriented Programming. Despite the new mitigations in the latest version of Glibc, we will show we can still abuse the FILE structure using our approach. === Angelboy is a member of chroot and HITCON CTF team. He is researching in linux binary exploitation, especially in heap related exploitation. He participated in a lot of ctf, such as HITB、DEFCON、Boston key party, won 2nd in DEFCON CTF 2017 and won 1st in Boston key party 2016, 2017 with HTICON CTF Team. He is also a speaker at conferences such as HITCON, VXCON. Source: https://www.youtube.com/watch?v=Fr3VU5hdL4s Uploader: Hack In The Box Security Conference