String Oriented Programming
- Type
- Video
- Tags
- exploiting
- Authors
- Mathias Payer
- Event
- Chaos Communication Congress 28th (28C3) 2011
- Indexed on
- Mar 27, 2013
- URL
- http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4817-en-string_oriented_programming_h264.mp4
- File name
- 28c3-4817-en-string_oriented_programming_h264.mp4
- File size
- 257.6 MB
- MD5
- da756df221a9098e8ea2d7c732d32e12
- SHA1
- a7c113eb63d0f739a3a4432169fe3ccc86cff0e3
The protection landscape is changing and exploits are getting more and more sophisticated. Exploit generation toolkits can be used to construct exploits for specific applications using well-defined algorithms. We present such an algorithm for leveraging format strings and introduce string oriented programming. String oriented programming takes format string exploits to the next level and turns an intrusion vector that needs hand-crafted exploits into arbitrary code execution. Similar to return oriented programming or jump oriented programming string oriented programming does not rely on existing code but concatenates gadgets in the application using static program analysis. This talk presents an algorithm and a technique that takes a vulnerable application that contains a format string exploit as a parameter and constructs a format string exploit that can be used to inject a dynamic jump oriented programming dispatcher into the running application. String oriented programming circumvents ASLR, DEP, and ProPolice.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
