User contributions
- 18:22, 10 December 2015 diff hist +140 Exploit Methods/Userspace execution
- 22:02, 18 November 2015 diff hist +47 Exploit Methods/Text overwrite →Examples current
- 21:49, 17 November 2015 diff hist +544 Kernel Self Protection Project principles
- 21:40, 17 November 2015 diff hist +129 Exploit Methods/Userspace data usage →Examples
- 01:50, 5 November 2015 diff hist +147 Bug Classes/Kernel pointer leak →Details current
- 23:25, 4 November 2015 diff hist +557 N Exploit Methods/Reused code chunks Created page with "= Details = This is more generally known as Return Oriented Programming (ROP) or Jump Oriented Programming (JOP), but ultimately boils down to using the kernel's own executabl..."
- 23:20, 4 November 2015 diff hist +689 N Exploit Methods/Userspace data usage Created page with "= Details = Sometimes an attacker won't be able to control the instruction pointer directly, but they will be able to redirect the dereference of a structure or other pointer. In..."
- 23:15, 4 November 2015 diff hist +626 N Exploit Methods/Userspace execution Created page with "= Details = Once an attacker has gained control over the instruction pointer, it must be aimed somewhere. The place where attackers have the most control over memory layout ten..."
- 23:10, 4 November 2015 diff hist +702 N Exploit Methods/Function pointer overwrite Created page with "= Details = When an attacker has a write primitive, they can start function pointers to redirect execution. Function pointers exist in a large number of places in the kernel r..."
- 23:00, 4 November 2015 diff hist +376 N Exploit Methods/Text overwrite Created page with "= Details = If an attacker has a write primitive and knows where the kernel is located in memory, they could overwrite functions to do whatever they wanted. Protecting against..."
- 22:55, 4 November 2015 diff hist +2 Exploit Methods/Kernel location →Details current
- 22:54, 4 November 2015 diff hist −2 m Exploit Methods/Kernel location →Mitigations
- 22:54, 4 November 2015 diff hist +876 N Exploit Methods/Kernel location Created page with "= Details = Finding the kernel location can be an important first step for exploitation. Without it, for example, it's harder to make kernel function calls for privilege escal..."
- 22:46, 4 November 2015 diff hist +96 Active Projects →ASLR for kernel code current
- 22:44, 4 November 2015 diff hist +641 N Bug Classes/Uninitialized variables Created page with "= Details = When variables (on either stack or heap) are used without being explicitly initialized, behavior is "undefined". In reality, "uninitialized" just means "still has ..." current
- 22:35, 4 November 2015 diff hist +5 m Kernel Self Protection Project →Mission Statement
- 22:34, 4 November 2015 diff hist +890 N Bug Classes/Kernel pointer leak Created page with "= Details = When a kernel memory address (any of text, stack, heap, etc) leaks into userspace, attackers can learn potentially sensitive information about data layout, kernel ..."
- 22:17, 4 November 2015 diff hist +613 N Bug Classes/Format string injection Created page with "= Details = When an attacker supplied string is accidentally passed to format string parsing, the attacker can manipulate the resulting output. The write primitive available ..."
- 22:11, 4 November 2015 diff hist +506 N Bug Classes/Heap overflow Created page with "= Details = Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata..." current
- 22:02, 4 November 2015 diff hist +799 N Bug Classes/Integer overflow Created page with "= Details = Integer overflows (or underflows) occur when a multiplication happens that exceeds the size that can be represented by the datatype, generally wrapping around. Th..."