mailing list archives
Realistically looking at "all the things"
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 20 Nov 2013 16:35:19 -0500
So I wanted to compare and contrast the EMET paper with the Portnoy
"Bypassing all the Things" paper. Because nothing makes me madder than
the Portnoy paper. Go read it and then come back.
Ok, done? Did that not make you want to gnash your teeth a bit? My
dentist last week was like "Looks like you grind your teeth" and I was
like "BECAUSE OF THE BYPASSING ALL THE THINGS PAPER!"
Here's why: If you have a perfect bug, then yes, ANYTHING is bypassable.
For some reason Shockwave included the perfect bug. Which is AWESOME and
I wish I'd found that bug, but once you have full memory real and write
control (and are in a scripting language to boot), then yes, you will be
bypassing DEP/ASLR, etc. Not even GRSec, the gold standard of pains in
the ass, would claim to protect against full memory read and write access.
Here's the thing: Browser client-sides have made people think things are
easier than they are. And even browser bugs aren't usually as easy as
THIS bug. Sheesh.
Description: OpenPGP digital signature
Dailydave mailing list
Dailydave () lists immunityinc com
- Realistically looking at "all the things" Dave Aitel (Nov 20)