#BHUSA BlackHatEvents

PageJack: A Powerful Exploit Technique With Page-Level UAF
Speaker: Zhiyun Qian
Contributors: Jiayi Hu, Jinmeng Zhou, Qi Tang, Wenbo Shen
8/8/2024

Who we are
Zhiyun Qian, Jinmeng Zhou, Qi Tang, Wenbo Shen, Jiayi Hu

OS kernel exploits
- Control flow hijack. Ex: corrupt a function pointer, then return-oriented programming (ROP)
    corrupted_obj->func_ptr();        // arbitrary code location
- Data-only attacks. Ex: corrupt a data pointer, then arbitrary read/write to modify key objects (e.g., cred)
    *corrupted_obj->data_ptr = val;   // arbitrary data location

Control-flow integrity
- With control-flow integrity in place, a data-only attack is needed.

Control-flow hijacking vs data-only attack
[Figure: bar chart of the number of exploits per year, 2019-2020, 2021, 2022, 2023; two series, "control-flow attack exploits" and "data-only attack exploits"; y-axis 0 to 18.]
- Data-only attacks

Previous data-only attacks
Corrupt:
- a global variable, e.g., modprobe_path
- a heap variable, e.g., cred

Previous data-only attacks
Corrupt:
- a global variable, e.g., modprobe_path
- a heap variable, e.g., cred
Annotations on the slide: KASLR bypass needed; AAW (arbitrary address write) capability needed; protected by CONFIG_STATIC_USERMODEHELPER.

Previous data-only attack
Corrupt:
- a global variable, e.g., modprobe_path
- a heap variable, e.g., cred, file
    struct file: f_mode, f_mapping
    struct cred: uid, gid
- Relative write (e.g., OOB) on the heap: AAW not needed

Previous data-only attack: cross-cache challenge
- Most vulnerabilities happen in generic caches (UAF, double free, out-of-bound write).
- Most critical heap objects are in dedicated caches.
- How to reach critical heap objects with relative writes? A cross-cache attack is needed.

Previous data-only attack: cross-cache challenge
- Cross-cache attack techniques vary by vulnerability type, e.g., OOB: less reliable; UAF: more reliable.
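The deck names two things that shape which data-only targets remain reachable: control-flow integrity (which pushes attackers away from function-pointer corruption) and CONFIG_STATIC_USERMODEHELPER (which it lists as protecting the modprobe_path target). The POSIX shell script below is an added example, not code from the talk or its authors: it reports whether a kernel config enables those two mitigations so a defender can confirm which of the deck's "previous data-only attack" targets their build still exposes. CONFIG_STATIC_USERMODEHELPER, CONFIG_STATIC_USERMODEHELPER_PATH and CONFIG_CFI_CLANG are real Kconfig symbols; the sample config file is constructed for the offline demo, and the helper function names are my own.

```shell
#!/bin/sh
# Added example (not from the PageJack slides): check a kernel config for the
# mitigations the deck mentions. Kconfig symbols are real; sample data is constructed.

# kconfig_state FILE SYMBOL
# Prints "y" (enabled), "n" (explicitly "# SYMBOL is not set") or "absent"
# (symbol does not appear at all, e.g. the option does not exist for this arch).
kconfig_state() {
    file=$1; sym=$2
    if grep -q "^${sym}=y$" "$file" 2>/dev/null; then
        echo y
    elif grep -q "^# ${sym} is not set$" "$file" 2>/dev/null; then
        echo n
    else
        echo absent
    fi
}

# check_kernel_hardening FILE
# Prints one status line per option and returns the number of options that
# are not enabled, so 0 means every checked mitigation is on.
check_kernel_hardening() {
    file=$1
    missing=0
    # CONFIG_STATIC_USERMODEHELPER pins usermode-helper paths (modprobe_path target);
    # CONFIG_CFI_CLANG is the kernel's control-flow integrity option.
    for sym in CONFIG_STATIC_USERMODEHELPER CONFIG_CFI_CLANG; do
        state=$(kconfig_state "$file" "$sym")
        case $state in
            y) echo "$sym: enabled" ;;
            *) echo "$sym: NOT enabled ($state)"; missing=$((missing + 1)) ;;
        esac
    done
    return "$missing"
}

# locate_running_config
# Prints a readable config path for the running kernel: /boot/config-<release>
# if present, otherwise /proc/config.gz decompressed into a temp file.
locate_running_config() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        echo "$cfg"
    elif [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && zcat /proc/config.gz > "$tmp" && echo "$tmp"
    else
        return 1
    fi
}

# write_sample_config FILE
# Constructed sample: usermode helper pinned, CFI explicitly disabled.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_STATIC_USERMODEHELPER=y
CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
# CONFIG_CFI_CLANG is not set
EOF
}

# Run with --demo to check the running kernel (falls back to the sample config
# when no kernel config is readable on this host).
if [ "${1:-}" = "--demo" ]; then
    cfg=$(locate_running_config) || { cfg=$(mktemp); write_sample_config "$cfg"; }
    check_kernel_hardening "$cfg"
    echo "options not enabled: $?"
fi
```

On the constructed sample the script reports CONFIG_STATIC_USERMODEHELPER as enabled and CONFIG_CFI_CLANG as not enabled, returning 1. The "absent" state is kept separate from "n" because an option that is missing entirely usually means the kernel version or architecture does not offer it, which is a different finding from an option that was deliberately switched off.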