Black Hat USA 2008 Webcast No. 3

[ad_1]

How To Impress Girls With Browser Memory Protection Bypasses

Thursday, September 18 1:00 pm PST/4:00 pm ET • FREE

Speakers:

  • Jeff Moss, Founder and Director of Black Hat
  • Alex Sotirov, Security Researcher, VMware

Overview:

Over the past several years, Microsoft has implemented a number of memory protection mechanisms
with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows
platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many
memory corruption vulnerabilities and at first sight present an insurmountable obstacle for exploit
developers.

This talk aims to present exploitation methodologies against this increasingly complex target.
We will demonstrate how the inherent design limitations of the protection mechanisms in Windows
Vista make them ineffective for preventing the exploitation of memory corruption vulnerabilities
in browsers and other client applications.

Each of the aforementioned protections will be briefly introduced and its design limitations will be
discussed. We will present a variety of techniques that can be used to bypass the protections and
achieve reliable remote code execution in many different circumstances. Finally, we will discuss
what Microsoft can do to increase the effectiveness of the memory protections at the expense of
annoying Vista users even more.

[ad_2]

Source link

Geef een reactie

Je e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *