This paper was published at Oakland 2015. In it, the authors introduce COOP (Counterfeit Object-Oriented Programming), which bypasses virtual table integrity checks and coarse-grained CFI. COOP uses whole virtual functions in C++ code as gadgets to launch the attack. Because state-of-the-art CFI has no deep knowledge of the C++ semantics of the binary code, and state-of-the-art vtable enforcement does not take vtable reuse attacks into consideration, a COOP attack is hard to distinguish from benign execution of the program.
Continue reading “Counterfeit Object-oriented Programming”
VTable reuse attacks are a novel exploitation technique in recent academic work. I think it is time to give a short series of posts on VTable reuse attacks, including academic papers, more details on VTables, and VTable reuse attacks based on existing CVEs.
Continue reading “VTable Reuse Attack”
This challenge implements a simplified version of VTint in the binary, which makes it a good example for introducing vtable reuse attacks.
Continue reading “BCTF 2015 PWN Zhongguancun Write-up”
This paper was published at NDSS 2015. Virtual table hijacking overwrites an object's virtual table pointer (vfptr) through a use-after-free or heap-overflow vulnerability, ultimately hijacking the control flow of the program. In this paper, the authors propose a protection applied to the binary through instrumentation.
Continue reading “VTint: Protecting Virtual Function Tables’ Integrity”
This post gives a basic explanation of PHP (de)serialization and how this mechanism is exploited in PHP Object Injection (POI).
Continue reading “PHP Object Serialization”
This post covers the two RE challenges from the CrossCTF 2018 final: perfect and Rochefort_6.
Continue reading “CrossCTF 2018 Final RE Write-up Collection”