No actual ASLR bypass presented (assumes it was bypassed already or non-existent), ret-to-csu *irrelevant* in the real world... https://www.blackhat.com/docs/asia-18/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf …
since the first thing their exploit prints is "brute forcing stack canary", I guess they're assuming a scenario with a forking server, which permits bruting things on the stack one byte at a time?
But is that new?
No, that's a 10 years+ old technique http://inertiawar.com/openbsd/