Thinking Outside The JIT Compiler
In this talk, we will detail our new and generic methods to bypass the StructureID Randomization mitigation, which allow an attacker to construct the addrOf/fakeObj primitives and gain arbitrary read/write ability smoothly. Unlike the bug-specific, JIT-compiler-related way to bypass this mitigation [4], our generic and old-school methods have not been thoroughly presented in any previous talks. We believe our talk will inspire the design of more effective mitigations.
By Yong Wang
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...
Reviewed by Anonymous on March 19, 2020