
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


FILE Structures: Another Binary Exploitation Technique

An-Jie Yang (Angelboy)


To fight prevalent cyber threats, more mechanisms to protect operating systems have been proposed. Specifically, approaches like DEP, ASLR, and RELRO are frequently applied on Linux to hinder exploitation of memory corruption vulnerabilities. In other words, it has become more difficult for adversaries to exploit bugs to undermine system security.

In this session, we will propose a new attack technique that exploits the FILE structure in the GNU C Library (Glibc), and introduce how to circumvent the protections adopted by modern operating systems. We will demonstrate techniques to break data protections and launch remote code execution. Moreover, we explore a methodology for using different FILE structures in an attack, the so-called File Stream Oriented Programming.

Despite the new mitigations in the latest version of Glibc, we will show that the FILE structure can still be abused using our approach.

===

Angelboy is a member of chroot and the HITCON CTF team. He researches Linux binary exploitation, especially heap-related exploitation. He has participated in many CTFs, such as HITB, DEFCON, and Boston Key Party, placing 2nd in DEFCON CTF 2017 and 1st in Boston Key Party 2016 and 2017 with the HITCON CTF team. He is also a speaker at conferences such as HITCON and VXCON.