Introduction
This week I find that Codeblue CTF takes VTV as a pwn challenge. So I decide to take a note on this paper presenting in USENIX 2014. And I will give a write-up on the pwn challenge some time later. In this paper, the author mainly proposes two CFI mechanism Virtual Table Verification (VTV) for gcc and Indirect Function Call Check (IFCC) for LLVM. Both CFI aim to verify the validity of indirect forward edge target. Continue reading “Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM”