This post will explain how to find privilege escalation vuls on Windows that no one appears to be looking for, because it's been pretty easy to find a bunch of them. After explaining how to find them, I'll introduce some defenses that can partly mitigate the problem in different ways. But what I'd like to see change is for developers to start looking for these vuls in the way I describe so that they stop introducing them in the first place.

Back when we first released CERT BFF, the usual process for putting together a proof-of-concept exploit for a memory corruption vulnerability was:

1. Fuzz the target until you get control of the instruction pointer.
2. Find out which bytes can be used to store your shellcode, using BFF string minimization.
3. Use ROP as necessary to modify the program flow so that it executes your shellcode.

It was often relatively straightforward to go from Start to PoC with CERT BFF. As time went on, the bar for exploiting memory corruption vulnerabilities was raised. This can likely be attributed to two things that happened over the years:

- Increased fuzzing by parties releasing software.
- Increased presence of exploit mitigations in both software and the platforms that they run on.

I have recently worked on a vulnerability discovery technique that reminded me of the early BFF days, both with respect to how easy it is to find the vulnerabilities and also how easy it can be to exploit them.