Hacking Blind

Introduction

This paper was published at IEEE S&P (Oakland) 2014. In this paper, the authors present a generic way to exploit a proprietary server even when neither the source code nor the binary is available, given only a crash found by remote fuzzing. The technique, blind return-oriented programming (BROP), treats each crash as a probe; it requires a stack-based overflow and a server that respawns after a crash with the same address-space layout (as a forking server does), so that what is learned from one probe still holds for the next.
Continue reading “Hacking Blind”


Counterfeit Object-oriented Programming

Introduction

This paper was published at IEEE S&P (Oakland) 2015. In this paper, the authors introduce COOP (Counterfeit Object-Oriented Programming) to bypass virtual-table integrity checks and coarse-grained CFI. In COOP, each gadget is a whole virtual function of the C++ program (a "vfgadget"): the attacker injects counterfeit objects whose vtable pointers point at existing, legitimate vtables, so that every virtual call made on them dispatches to real code through a real vtable. Since state-of-the-art CFI has no deep knowledge of the C++ semantics of the binary, and state-of-the-art vtable enforcement does not take vtable-reuse attacks into account, a COOP attack is hard to distinguish from benign execution of the program.
Continue reading “Counterfeit Object-oriented Programming”

VTint: Protecting Virtual Function Tables’ Integrity

Introduction

This paper was published at NDSS 2015. Virtual table hijacking overwrites an object's virtual table pointer (vfptr) through a use-after-free or heap-overflow vulnerability, so that a later virtual call dispatches through an attacker-controlled table and the program's control flow is hijacked. In this paper, the authors propose a binary-level protection: the binary is rewritten so that its vtables live in read-only memory, and every virtual call site is instrumented to verify that the vtable about to be used is one of those genuine vtables before dispatching.
Continue reading “VTint: Protecting Virtual Function Tables’ Integrity”

Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript

Introduction

This paper was published at DIMVA 2016. In this paper, the authors propose a software-induced Rowhammer attack that needs no native code. To demonstrate its effectiveness, they present a Rowhammer attack launched from JavaScript in Firefox 39.0. In this post, I will first give background on the Rowhammer attack and then show how this paper mounts the attack from JavaScript.
Continue reading “Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript”

Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM

Introduction

This week I found that Codeblue CTF uses VTV as a pwn challenge. So I decided to take notes on this paper, presented at USENIX Security 2014, and I will give a write-up on the pwn challenge some time later. In this paper, the authors propose two CFI mechanisms: Virtual Table Verification (VTV) for GCC and Indirect Function-Call Checks (IFCC) for LLVM. Both aim to verify, at each indirect call site, that the forward-edge target is valid: VTV checks that a virtual call's vtable pointer is one of the vtables valid for the static type used at that call site, and IFCC checks that an indirect call goes to one of the allowed targets by routing it through a jump table. Continue reading “Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM”
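To make the three vtable excerpts above concrete (the vtable hijacking VTint defends against, COOP's counterfeit objects, and VTV's per-call-site check), here is an added example in C++. It is not code from any of the posts or papers. It assumes the Itanium C++ ABI vtable layout (the vptr is the first word of a polymorphic object and points at the first virtual-function slot; a virtual destructor takes slots 0 and 1, so the first ordinary virtual function is slot 2) and models the two defenses as set lookups: `vtint_style_check` and `vtv_style_check` are simplified stand-ins, not the papers' instrumentation. `Base`, `Doubler`, `Logger` and `attacker_payload` are invented for the demonstration.

```cpp
// Added example, not from the posts or papers. Assumes the Itanium C++ ABI:
// vptr is the first word of the object and points at vtable slot 0; a virtual
// destructor uses slots 0 and 1, so the first ordinary virtual function is slot 2.
#include <cstdint>
#include <cstring>
#include <map>
#include <set>
#include <string>

struct Base {
    virtual ~Base() {}
    virtual int act(int x) = 0;          // slot 2
};
struct Doubler : Base {
    int act(int x) override { return 2 * x; }
};
// Unrelated to Base. flush() is also slot 2 and writes through a member
// pointer: run on an attacker-shaped object it is an arbitrary-write vfgadget.
struct Logger {
    virtual ~Logger() {}
    virtual int flush(int v) { *slot = v; return v; }
    int *slot = nullptr;
};

static uintptr_t read_vptr(const void *obj) {
    uintptr_t v;
    std::memcpy(&v, obj, sizeof v);
    return v;
}

// Simplified models of the two defenses (set lookups, not real instrumentation).
struct VtableRegistry {
    std::set<uintptr_t> all;                               // every vtable in the program
    std::map<std::string, std::set<uintptr_t>> valid_for;  // vtables valid per static type
};
// VTint-style: is the vptr one of the program's genuine vtables at all?
static bool vtint_style_check(const VtableRegistry &r, const void *obj) {
    return r.all.count(read_vptr(obj)) != 0;
}
// VTV-style: is the vptr a vtable of the static type used at this call site?
static bool vtv_style_check(const VtableRegistry &r, const void *obj,
                            const std::string &static_type) {
    auto it = r.valid_for.find(static_type);
    return it != r.valid_for.end() && it->second.count(read_vptr(obj)) != 0;
}

// Stand-in for attacker code reached by a classic hijack: a plain function with
// the (this, int) calling sequence so a fake vtable slot can point at it.
static int attacker_payload(void * /*self*/, int) { return 1337; }

struct Results {
    bool legit_vtint, legit_vtv; int legit_value;
    bool fake_vtint,  fake_vtv;  int fake_value;
    bool coop_vtint,  coop_vtv;  int coop_written;
};

static Results run_scenarios() {
    Results res{};
    Doubler d; Logger lg;
    VtableRegistry reg;
    reg.all = {read_vptr(&d), read_vptr(&lg)};
    reg.valid_for["Base"] = {read_vptr(&d)};
    reg.valid_for["Logger"] = {read_vptr(&lg)};

    // 1. Benign: a real Doubler called through a Base*.
    Base *b = &d;
    res.legit_vtint = vtint_style_check(reg, b);
    res.legit_vtv   = vtv_style_check(reg, b, "Base");
    res.legit_value = b->act(21);                       // 42

    // 2. Classic vtable hijack: a UAF/overflow replaced the vptr with a pointer
    //    to an attacker-built table in writable memory.
    void *fake_vtable[3] = {nullptr, nullptr, reinterpret_cast<void *>(&attacker_payload)};
    alignas(16) unsigned char hijacked[sizeof(Doubler)] = {};
    uintptr_t fake_vptr = reinterpret_cast<uintptr_t>(&fake_vtable[0]);
    std::memcpy(hijacked, &fake_vptr, sizeof fake_vptr);
    Base *h = reinterpret_cast<Base *>(hijacked);
    res.fake_vtint = vtint_style_check(reg, h);         // false: not a real vtable
    res.fake_vtv   = vtv_style_check(reg, h, "Base");   // false
    res.fake_value = h->act(0);                         // 1337: attacker code ran

    // 3. COOP counterfeit object: the vptr is Logger's genuine vtable and the field
    //    after it is attacker-chosen. The call site still thinks it holds a Base*,
    //    so act() dispatches to Logger::flush, which writes through that field.
    int target = 0, *slot = &target;
    alignas(16) unsigned char counterfeit[sizeof(Logger)] = {};
    uintptr_t logger_vptr = read_vptr(&lg);
    std::memcpy(counterfeit, &logger_vptr, sizeof logger_vptr);
    std::memcpy(counterfeit + sizeof logger_vptr, &slot, sizeof slot);
    Base *c = reinterpret_cast<Base *>(counterfeit);
    res.coop_vtint = vtint_style_check(reg, c);         // true: a real vtable
    res.coop_vtv   = vtv_style_check(reg, c, "Base");   // false: outside Base's hierarchy
    c->act(0x41);                                       // Logger::flush(0x41)
    res.coop_written = target;                          // 0x41
    return res;
}
```

The point of scenario 3 is that the counterfeit object never touches a fake vtable, so a check that only asks "is this a real vtable?" is satisfied, and the arbitrary write still happens. The hierarchy-aware check rejects it here only because `Logger` lies outside `Base`'s hierarchy; a counterfeit object whose vptr names a vtable inside the static type's own hierarchy would pass even that check, so how much such a check buys depends on how narrow the hierarchy at the call site is.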

Per-Input Control Flow Integrity

Introduction

Last week, I found that Google CTF Quals used PICFI as a pwn challenge. Since this paper is also mentioned in The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, I decided to take simple notes on this paper and solve the pwn challenge.

In this paper, the authors propose a more fine-grained CFI than the conventional CFI proposed by Abadi et al. Instead of enforcing one static control-flow graph for every execution, PICFI starts each run with an empty graph and enables an indirect-branch target only when the current input actually takes its address, so the set of targets allowed at a given moment is a per-input subset of the static CFG, and a target that is statically possible but never activated by this input is still rejected. Continue reading “Per-Input Control Flow Integrity”
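As an added example (not code from the paper or this post), the following C++ toy models PICFI's per-input policy for forward edges: a target passes an indirect call only if the static CFG contains it and the current input has already taken its address. The handlers, the `PerInputCfi` class and the corrupted-pointer scenario are invented; real PICFI instruments address-taken sites and indirect branches in the compiled program rather than using explicit calls like these.

```cpp
// Added example, not from the paper or the post: a toy model of PICFI's
// per-input policy for forward edges. The functions and checks are invented.
#include <cstdint>
#include <set>

typedef int (*handler_t)(int);

static int add_one(int x)    { return x + 1; }
static int negate(int x)     { return -x; }
static int privileged(int x) { return x * 1000; }   // statically possible, rarely used

static uintptr_t addr(handler_t f) { return reinterpret_cast<uintptr_t>(f); }

struct PerInputCfi {
    std::set<uintptr_t> static_targets;  // CFG computed before execution
    std::set<uintptr_t> enabled;         // empty at start, grows with the input
    int violations = 0;

    // Instrumentation at an address-taken site: enable the target, or flag it
    // if the static CFG never allowed it (activation cannot exceed the CFG).
    bool activate(handler_t f) {
        if (!static_targets.count(addr(f))) { ++violations; return false; }
        enabled.insert(addr(f));
        return true;
    }
    // Instrumentation before an indirect call: only activated targets pass.
    bool allowed(handler_t f) const { return enabled.count(addr(f)) != 0; }
    // Conventional static CFI for comparison: any statically possible target.
    bool static_cfi_allows(handler_t f) const { return static_targets.count(addr(f)) != 0; }
};

struct PicfiDemo {
    int benign_result;          // value of the legitimate call
    bool static_cfi_accepts;    // conventional CFI verdict on the corrupted pointer
    bool picfi_accepts;         // PICFI verdict on the same pointer
    bool picfi_accepts_later;   // PICFI verdict once this input activates it
    int bad_activations;        // address-taken sites outside the static CFG
};

static PicfiDemo run_picfi_demo() {
    PicfiDemo out{};
    PerInputCfi cfi;
    cfi.static_targets = {addr(add_one), addr(negate), addr(privileged)};

    // The input selects "negate": the program takes its address and calls it.
    handler_t h = negate;
    cfi.activate(h);
    out.benign_result = cfi.allowed(h) ? h(5) : 0;      // -5

    // Memory corruption overwrites h with privileged's address. Static CFI
    // accepts it (it is in the CFG); PICFI rejects it (never activated here).
    h = privileged;
    out.static_cfi_accepts = cfi.static_cfi_allows(h);  // true
    out.picfi_accepts = cfi.allowed(h);                 // false

    // A later, legitimate address-take on this input enables it: no false positive.
    cfi.activate(privileged);
    out.picfi_accepts_later = cfi.allowed(h);           // true

    // An address outside the static CFG can never be activated at all.
    cfi.activate(reinterpret_cast<handler_t>(static_cast<uintptr_t>(0xdeadbeef)));
    out.bad_activations = cfi.violations;               // 1
    return out;
}
```

The model covers only forward edges; PICFI also constrains return edges, and both kinds of activation are bounded by the static CFG, which is what the last step shows.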