KASLR: An Exercise in Cargo Cult Security [2013]: https://forums.grsecurity.net/viewtopic.php?f=7&t=3367&sid=ee9f8c1bacede4863bcab77b96eff623 …
Replying to @BRIAN_____
tl;dr: info leaks defeat ASLR by revealing the address of a valid stack or heap object, so now you know where to attack
Replying to @pcwalton @BRIAN_____
that's the defn, but you're using the leak to find your ROP widgets and build a full computation env right?
so in the absence of a "good" exploit env, it's unclear how to reliably promote a random address into something good.
Replying to @Gankra_ @BRIAN_____
Not quite sure what you mean, but if you’re asking if you need another exploit to weaponize the info leak, yes, you do.
2:12 PM - 26 Oct 2016