String Oriented Programming

Circumventing ASLR, DEP, and Other Guards

Mathias Payer

Playlists: '28c3' videos starting here / audio / related events

The protection landscape is changing and exploits are getting more and more sophisticated. Exploit generation toolkits can be used to construct exploits for specific applications using well-defined algorithms. We present such an algorithm for leveraging format strings and introduce string oriented programming.

Related

Download

Embed

Share:

Tags