Black Hat Europe 2015 - Hey Man, Have You Forgotten To Initialize Your Memory
By SecurityTube.Net on 2016-03-10 at 07:13:29
Presentation: When the rules for this year's Pwn2Own contest came out, there was less than one month left for us to prepare our Internet Explorer exploit. It was not an easy task to pop up a calc on this year's IE target, where you need to conquer the 64-bit IE child process, Control Flow Guard (CFG) on Windows 8.1, as well as the Enhanced Protected Mode (EPM) of IE11. This was the first time that 64-bit IE was used in the contest, which means stronger ASLR, so the simple heap-spraying technique does not work as it does in a 32-bit process. Also, on Windows 8.1, CFG is heavily used in user-mode processes, which makes it harder to transfer the execution flow to our shellcode. And lastly, we need to bypass the EPM sandbox without user interaction and without restarting or re-logging in to the computer. We are glad that we finally made it, with two 0day vulnerabilities, which have already been patched by Microsoft in June 2015.

In this presentation, we will describe for the first time the details of the two vulnerabilities we used to take down 64-bit IE in this year's Pwn2Own. By going through the PoC exploit, we will show how we achieved ASLR/CFG bypass and remote code execution in 64-bit IE with a single uninitialized memory bug. We will also discuss the TOCTOU vulnerability we used to bypass IE's EPM sandbox to achieve elevation of privilege. Throughout the talk, we will describe several methods you may use to bypass exploit mitigations such as ASLR and CFG on 64-bit IE, to achieve remote code execution with your memory corruption bug.

For more information, please visit https://www.blackhat.com/index.html