Towards Automated Generation of Exploitation Primitives for Web Browsers

Introduction

This is a paper published in ACSAC 2018. In this paper, the author introduces a method to automatically generate exploitation primitives during the web browser exploitation. In this paper, the author uses CVE-2016-9079 as an example to demonstrate their work, which happens to be analysed in my post before.
In this post, I’d like to take this chance to give some academic definitions about those jargons in our previous posts. One interesting thing about this paper is that the paper is put into the session of web security not software security during the conference. ~~~OO~~~
Continue reading “Towards Automated Generation of Exploitation Primitives for Web Browsers”

Advertisements

From Collision To Exploitation:Unleashing Use-After-Free Vulnerabilities in Linux Kernel

Introduction

This paper was published in CCS 2015. With the introduction of the various mitigation deployed in the user space, especially sandbox, the vulnerability in the linux kernel has become a target of the attacker. However, the memory space in the kernel is hard to predict since the kernel space are used by various tasks. In this paper, the author introduces a much stabler way to put desired vulnerable target into kernel memory space by exploiting a use-after-free in linux kernel.
Continue reading “From Collision To Exploitation:Unleashing Use-After-Free Vulnerabilities in Linux Kernel”

Counterfeit Object-oriented Programming

Introduction

This paper was published in Oakland 2015. In this paper, the author introduced COOP (Conterfeit Object Oriented Programming) to bypass the virtual table integrity check and coarse-grained CFI. In COOP, it takes a whole virtual function in C++ code as a gadget to launch the attack. Since the state-of-art CFI does not have a deep knowledge of the semantics of the binary code in C++ and the state-of-art vtable enforcement does not take vtable reuse attack into consideration, COOP attack is hard to be distinguished from benign execution of the program.
Continue reading “Counterfeit Object-oriented Programming”

VTint: Protecting Virutal Function Tables’ Integrity

Introduction

This paper was published on NDSS2015. Virtual table hijacking is an attack to overwrite the virtual table pointer(vfptr) by utilizing the use-after-free or heap-overflow vulnerability, which finally hijacks the control flow of the program. In this paper, the author proposed an protection on the binary by instrumentation.
Continue reading “VTint: Protecting Virutal Function Tables’ Integrity”

Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript

Introduction

This paper was published in DIMVA 2016. In this paper, the author proposed a software-induced rowhammer attack. To demonstrate the effectiveness of their attack, the author presented a rowhammer attack using JavaScript on Firefox 39.0. In this post, I will first give background of Rowhammer attack and then how this paper deploy the attack from JavaScript.
Continue reading “Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript”