Thinking Outside The JIT Compiler

In this talk, we will detail our new and generic methods to bypass the StructureID Randomization mitigation, which allow an attacker to construct the addrOf/fakeObj primitives and gain arbitrary read/write ability smoothly. Unlike the bug-specific and JIT-compiler-related way to bypass this mitigation[4], our generic and old-school methods have not been thoroughly presented in any previous talks. We believe our talk will inspire the design of more effective mitigations.

By Yong Wang

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...

Reviewed by Anonymous on March 19, 2020 Rating: 5