Full Disclosure mailing list archives
Re: Bypassing Windows 7 kernel ASLR
From: Stéfan LE BERRE <sleberre () nes fr>
Date: Wed, 12 Oct 2011 10:03:24 +0200
Other methods are useful for user land but not in kernel land. In this paper I have bypassed ASLR and DEP too, not just one protection. Read it again ;-)

Stefan LE BERRE

From: secn3t () gmail com [mailto:secn3t () gmail com] On behalf of GloW - XD
Sent: Tuesday, 11 October 2011 23:14
To: Stéfan LE BERRE
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Bypassing Windows 7 kernel ASLR

That's cool... I'd like to see more about using rop chains or other methods to bypass dep+aslr in one go... rather than just take out one protection.. pretty nice read.. cheers
xd

2011/10/12 Stéfan LE BERRE <sleberre () nes fr>

Hi!

I have recently discovered a method to bypass Windows 7 kernel ASLR. You can find the paper here:
http://www.nes.fr/docs/NES-BypassWin7KernelAslr.pdf

In this paper I explain every step to code an exploit with a useful kernel ASLR bypass. I perform successful exploitations on Windows 7 SP0 / SP1.

Good reading,
Best regards,

LE BERRE Stefan.
IT Security Researcher
NES
http://www.nes.fr
http://ww.nes.fr/securitylab/
46 rue de provence
75009 PARIS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Bypassing Windows 7 kernel ASLR Stéfan LE BERRE (Oct 11)
- Re: Bypassing Windows 7 kernel ASLR GloW - XD (Oct 11)
- Re: Bypassing Windows 7 kernel ASLR Stéfan LE BERRE (Oct 12)
- Re: Bypassing Windows 7 kernel ASLR GloW - XD (Oct 11)