Thinking Outside The JIT Compiler


In this talk, we will detail our new and generic methods for bypassing the StructureID Randomization mitigation in JavaScriptCore. These methods let an attacker construct the addrOf/fakeObj primitives and from there obtain arbitrary read/write without difficulty. Unlike the bug-specific, JIT-compiler-related bypass of this mitigation [4], our generic, old-school methods have not been thoroughly presented in any previous talk. We believe this talk will inspire the design of more effective mitigations.

By Yong Wang

Full Abstract & Presentation Materials:

Reviewed by Anonymous on March 19, 2020