Riding the Overflow - Then and Now

Revision as of 20:59, 3 August 2014 by Administrator (Talk | contribs)


by Miroslav Stampar

Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for Fun and Profit" look like a distant past. Rules have changed in the last decade with introduction of security mechanisms such as - Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), NX (No eXecute)/XD (eXecute Disable)/XN (eXecute Never) bit(s), Stack Canaries, Structured Exception Handler Overwrite Protection (SEHOP), etc. In this talk popular security mechanisms will be presented together with respective counter-methods (if any) used by hackers to bypass them. Also, a small demonstration should be done accompanying the presentation.