Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript

Introduction

This paper was published in DIMVA 2016. In it, the author proposes a software-induced Rowhammer attack. To demonstrate the effectiveness of the attack, the author presents a Rowhammer attack mounted from JavaScript on Firefox 39.0. In this post, I will first give background on the Rowhammer attack and then explain how this paper deploys the attack from JavaScript.


Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM

Introduction

This week I found that Codeblue CTF uses VTV as a pwn challenge, so I decided to take notes on this paper, presented at USENIX 2014. I will give a write-up on the pwn challenge some time later. In this paper, the author mainly proposes two CFI mechanisms: Virtual Table Verification (VTV) for GCC and Indirect Function Call Check (IFCC) for LLVM. Both CFI mechanisms aim to verify the validity of indirect forward-edge targets.

Per-Input Control Flow Integrity

Introduction

Last week, I found that Google CTF Quals used PICFI as a pwn challenge. Since this paper is also mentioned in The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, I decided to take simple notes on this paper and then solve the pwn challenge.

In this paper, the author proposes a more fine-grained CFI compared with the conventional CFI proposed by Abadi.

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later

Introduction

This paper was published in CCS 2017. It proposes a dynamic analysis (Newton) to find function gadgets even in the presence of state-of-the-art code-reuse defenses. At the end of the paper, the author gives an in-depth analysis of nginx and presents attacks under the restrictions of CPI and context-sensitive CFI.

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concepts Exploits

Introduction

In this paper, the author finds that, besides the running status, the non-code descriptions in CVE entries and Linux git logs can also help the fuzzer avoid unnecessary runs, saving a lot of time in the fuzzing process. In particular, we use a semantics-based approach (e.g., NLP) to automatically analyse the description and extract the necessary information to feed to the fuzzer.