Dailydave mailing list archives
Realistically looking at "all the things"
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 20 Nov 2013 16:35:19 -0500
http://0xdabbad00.com/wp-content/uploads/2013/11/emet_4_1_uncovered.pdf
https://www.exodusintel.com/files/Aaron_Portnoy-Bypassing_All_Of_The_Things.pdf

So I wanted to compare and contrast the EMET paper with the Portnoy "Bypassing all the Things" paper. Because nothing makes me madder than the Portnoy paper. Go read it and then come back.

Ok, done? Did that not make you want to gnash your teeth a bit? My dentist last week was like "Looks like you grind your teeth" and I was like "BECAUSE OF THE BYPASSING ALL THE THINGS PAPER!"

Here's why: If you have a perfect bug, then yes, ANYTHING is bypassable. For some reason Shockwave included the perfect bug. Which is AWESOME and I wish I'd found that bug, but once you have full memory read and write control (and are in a scripting language to boot), then yes, you will be bypassing DEP/ASLR, etc. Not even GRSec, the gold standard of pains in the ass, would claim to protect against full memory read and write access.

Here's the thing: Browser client-sides have made people think things are easier than they are. And even browser bugs aren't usually as easy as THIS bug. Sheesh.

-dave