Dailydave mailing list archives

Realistically looking at "all the things"


From: Dave Aitel <dave () immunityinc com>
Date: Wed, 20 Nov 2013 16:35:19 -0500

http://0xdabbad00.com/wp-content/uploads/2013/11/emet_4_1_uncovered.pdf

https://www.exodusintel.com/files/Aaron_Portnoy-Bypassing_All_Of_The_Things.pdf

So I wanted to compare and contrast the EMET paper with the Portnoy
"Bypassing all the Things" paper. Because nothing makes me madder than
the Portnoy paper. Go read it and then come back.

Ok, done? Did that not make you want to gnash your teeth a bit? My
dentist last week was like "Looks like you grind your teeth" and I was
like "BECAUSE OF THE BYPASSING ALL THE THINGS PAPER!"

Here's why: If you have a perfect bug, then yes, ANYTHING is bypassable.
For some reason Shockwave included the perfect bug. Which is AWESOME and
I wish I'd found that bug, but once you have full memory read and write
control (and are in a scripting language to boot), then yes, you will be
bypassing DEP/ASLR, etc. Not even GRSec, the gold standard of pains in
the ass, would claim to protect against full memory read and write access.

Here's the thing: Browser client-sides have made people think things are
easier than they are. And even browser bugs aren't usually as easy as
THIS bug. Sheesh.

-dave


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave