Per-Input Control Flow Integrity

Introduction

Last week, I found that Google CTF Quals used PICFI as a pwn challenge. Since this paper is also mentioned in The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, I decided to take brief notes on this paper and then attempt the pwn challenge.

In this paper, the authors propose a more fine-grained CFI compared with the conventional CFI proposed by Abadi.

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later

Introduction

This paper was published at CCS 2017. It proposes a dynamic analysis, Newton, that finds function gadgets even in the presence of state-of-the-art code-reuse defenses. At the end of the paper, the authors give an in-depth analysis of nginx and present attacks under the restrictions of CPI and context-sensitive CFI.

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concepts Exploits

Introduction

In this paper, the authors observe that, besides the program's runtime state, the non-code descriptions in CVE entries and Linux git logs can also help the fuzzer avoid unnecessary runs, saving a lot of time in the fuzzing process. In particular, they use a semantics-based approach (e.g., NLP) to automatically analyse the descriptions and extract the information needed to guide the fuzzer.