KASLR: An Exercise in Cargo Cult Security [2013]: https://forums.grsecurity.net/viewtopic.php?f=7&t=3367&sid=ee9f8c1bacede4863bcab77b96eff623 …
tl;dr; info leaks defeat ASLR by revealing the address of a valid stack or heap object, so now you know where to attack
-
that's the defn, but you're using the leak to find your ROP widgets and build a full computation env right?
-
so in the absence of a "good" exploit env, it's unclear how to reliably promote a random address into something good.