A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft’s Windows operating system.

The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms.

SkyLined (real name Berend-Jan Wever) is best known for introducing heap-spraying in Web browsers, a technique used in exploits to facilitate arbitrary code execution. He previously worked at Microsoft before leaving in 2008 to work on security Google’s Chrome browser.

“I am releasing this because I feel it helps explain why ASLR+DEP are not a mitigation to put a lot of faith in, especially on x86 platforms,” SkyLined wrote on his blog. ”32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location,” he added.

Оставить мнение

Check Also

Выносим всё! Какие данные о нас хранит Google и как их вернуть себе через Takeout

Как известно, Google хранит огромное количество данных о своих пользователях, чем его непр…