KASLR: An Exercise in Cargo Cult Security [2013]: https://forums.grsecurity.net/viewtopic.php?f=7&t=3367&sid=ee9f8c1bacede4863bcab77b96eff623 …
-
tl;dr: info leaks defeat ASLR by revealing the address of a valid stack or heap object, so now you know where to attack
-
that's the defn, but you're using the leak to find your ROP widgets and build a full computation env right?
-
so in the absence of a "good" exploit env, it's unclear how to reliably promote a random address into something good.
-
Not quite sure what you mean, but if you’re asking if you need another exploit to weaponize the info leak, yes, you do.