The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later

Introduction

This paper was published at CCS 2017. It proposes a dynamic analysis, Newton, that finds usable function gadgets even in the presence of state-of-the-art code-reuse defenses. At the end of the paper, the authors give an in-depth analysis of nginx and present attacks that work under the restrictions of CPI and context-sensitive CFI.

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concepts Exploits

Introduction

In this paper, the authors find that, besides the program's runtime state, the non-code descriptions in CVE entries and Linux git logs can also help a fuzzer avoid unnecessary runs, saving a lot of time in the fuzzing process. In particular, they use a semantics-based approach (e.g., NLP) to automatically analyse these descriptions and extract the information needed to guide the fuzzer.