FILE Structures: Another Binary Exploitation Technique

PRESENTATION SLIDES (PDF)

WHITEPAPER (PDF)

To fight against prevalent cyber threat, more mechanisms to protect operating systems have been proposed. Specifically, approaches like DEP, ASLR, and RELRO are frequently applied on Linux to hinder memory corruption vulnerabilities. In other words, it is more difficult for adversaries to exploit bugs to undermine the system security.

In this session, we will propose a new attack technique that exploits the FILE structure in GNU C Library (Glibc), and introduce how to circumvent the protection adopted by modern operating systems. We will demonstrate techniques to break data protections and launch remote code execution. Moreover, we explore the methodology to utilize different FILE structures for attack – the so called File Stream Oriented Programming.

Despite the new mitigations in the latest version of Glibc, we will show we can still abuse the FILE structure using our approach.

CONFERENCE
Location: BALLROOM 1 Date: August 30, 2018 Time: 3:00 pm - 4:00 pm An-Jie Yang (Angelboy)