Showing Articles About
exploit protections
- 15 May 2020
Internet Exploiter: Understanding vulnerabilities in Internet Explorer
This article provides a deep technical analysis of CVE-2020-0674, a use-after-free vulnerability in Internet Explorer's legacy JScript engine. The analysis explores the internal mechanics of the JScript interpreter, garbage collection process, and demonstrates complex exploitation techniques to bypass security mitigations. The research reveals how an attacker could potentially execute arbitrary code by manipulating memory management in the legacy JavaScript engine.
- 13 Apr 2018
Some Brief Notes on WebKit Heap Hardening
WebKit has implemented substantial heap hardening techniques to improve memory safety in browsers. The changes include Gigacages, which isolate different object types into separate heaps, and IsoHeap, which allocates objects in dedicated memory pages. Additional protections involve pointer poisoning to make type confusion attacks more difficult.
- 5 Apr 2016
Windows Kernel Exploitation 101: Exploiting CVE-2014-4113
This article provides a detailed walkthrough of exploiting CVE-2014-4113, a Windows kernel vulnerability. The guide demonstrates the process of creating an exploit for Windows 7 SP1 32-bit by analyzing an original Anti-Virus vendor report. The goal is to make kernel exploitation more accessible to cybersecurity researchers.
-
Yong Chuan Koh - 3 Jul 2015
Understanding the Protected-View Sandbox
The whitepaper analyzes the Microsoft Office 2013 Protected-View sandbox architecture. It explores the sandbox's initialization, system resource restrictions, and Inter-Process Communication (IPC) mechanism. The technical analysis was originally presented at the REcon 2015 Security Conference.
- 15 Aug 2014
Windows 8 Kernel Memory Protections Bypass
A technique for bypassing Windows 8 kernel memory protections like SMEP and DEP is demonstrated by manipulating paging structures. The method allows modification of memory page flags to enable user-mode code execution in kernel-mode. By targeting isolated paging structures, an attacker can corrupt page table entries to circumvent kernel memory safeguards on 64-bit Windows systems.
- 20 Jun 2014
Isolated Heap & Friends - Object Allocation Hardening in Web Browsers
Web browsers have implemented object allocation hardening techniques to mitigate use-after-free vulnerabilities. These techniques include Internet Explorer's Isolated Heap, Firefox's Presentation Arena, and Chrome's PartitionAlloc. Each approach aims to constrain memory allocation strategies and make exploitation more difficult by separating object types and controlling memory reuse.
- Nils Jon Butler
- 19 Apr 2013
MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit
A detailed technical write-up of a WebKit exploit demonstrated at Pwn2Own 2013 describes a type confusion vulnerability in SVG document handling. The exploit leveraged the ability to cast non-SVG elements to SVG elements, enabling precise memory manipulation and control. By chaining multiple exploit stages, the vulnerability allowed leaking pointers, calculating memory addresses, and ultimately achieving code execution in the browser.
- Nils Jon Butler
- 6 Mar 2013
Pwn2Own at CanSecWest 2013
MWR Labs demonstrated a full sandbox bypass exploit against Google Chrome at Pwn2Own 2013. The exploit leveraged vulnerabilities to gain code execution in the renderer process and bypass ASLR and DEP protection mechanisms. Memory address leakage techniques were used to execute arbitrary commands outside the browser sandbox.
- 2 Sep 2010
Assessing the Tux Strength: Part 2 - Into the Kernel
This article examines Linux kernel security features across different distributions. It analyzes memory protection mechanisms and randomization techniques using tools like paxtest. The research reveals varying levels of kernel-level security settings, with most distributions showing vulnerabilities to certain exploitation techniques. Gentoo with a PaX kernel demonstrated the most robust security settings.
- 14 Jan 2010
Adobe Reader Exploit on Vista and 7
A vulnerability in Adobe Reader affecting Vista and Windows 7 systems was discovered, impacting the "media.newPlayer" issue. The exploit functions reliably across multiple Adobe Reader versions, even with ASLR and DEP protections enabled. Disabling JavaScript and applying patches are recommended mitigation strategies.