Message-ID: <4E286738.2040908@halfdog.net>
Date: Thu, 21 Jul 2011 17:51:52 +0000
From: halfdog <me@...fdog.net>
To: Stefan Esser <stefan.esser@...tioneins.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Multipath-ROP: Tools available?
Stefan Esser wrote:
> Hello,
>> Does someone know about this method? If there are no tools
>> available for that, I would like to create one, that uses
>> markov-chains for library analysis and that should support
>> multiple CPU-archs.
> As far as I know there are no tools available for this.
>
> However I submitted a talk to HITB2011KUL about exactly this
> technique applied to iPhone exploitation. So there should be a tool
> for this in October.
Fine. I'm looking forward to that. Funny to have the same idea.
> Not only covering exploiting ASLR but also ROP payloads that work
> against different devices (different library load offset by device
> class/firmware version).
Ok, I'm thinking to integrate this also. Having just one library at
different positions in memory or different libraries should be
essentially the same for such a tool.
--
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/