Riding the Overflow - Then and Now

by Miroslav Stampar

Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for Fun and Profit" look like a distant past. Rules have changed in the last decade with introduction of security mechanisms such as - Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), NX (No eXecute)/XD (eXecute Disable)/XN (eXecute Never) bit(s), Stack Canaries, Structured Exception Handler Overwrite Protection (SEHOP), etc. In this talk popular security mechanisms will be presented together with respective counter-methods (if any) used by hackers to bypass them. Also, a small demonstration should be done accompanying the presentation.