The aim of LKRG is not to completely stop the exploitation process but to make it harder and/or less reliable. As far as I'm aware, all of the anti-exploitation / security technologies (including mitigations) follow the same path and are bypassable.
I don't think I simplified it. Antivirus also has a long list of things they blacklist, but I guess you think your blacklist is better than theirs. I wonder if they agree ;-)
I think that a simple credentials overwrite is much more stable and reliable than a pure-ROP-only exploit, which needs to race with the scheduler and pCFI and take care of leaving the kernel in a clean state. Higher complexity == less reliable, prone to error.
That's simply a false dichotomy. Do you really argue that creds are the only useful thing to overwrite if you have an arbitrary rw? It is simply not a choice between one nice and clean attack vs. an unreliable complex attack.
I'm happy to agree to that.