The Beast in Your Memory: Modern Exploitation Techniques and Defenses - Tutorial

Lucas Davi, Christopher Liebchen
Name of Event:
Embedded Systems Week (ESWEEK)
Amsterdam, Netherlands


Memory corruption attacks belong to the most-widely deployed attacks since almost three decades. These attacks have been already applied in the first famous Internet worm (the Morris worm in 1988). Today, they are used to compromise web browsers, launch iOS jailbreaks, and partially in zero day issues exploited in large-scale cyberattacks such as Stuxnet and Duqu. In particular, code-reuse techniques such as return-oriented programming undermine the security model of non-executable memory (the No-Execute Bit) and memory randomization. Defending against these attacks is a hot topic of research. In this tutorial, the attendees will be introduced to the state-of-the-art memory exploitation techniques and defenses. We give an overview of the main principles of memory exploitation covering stack smashing, return-into-libc, and return-oriented programming. We also elaborate on modern defenses such as control-flow integrity and memory randomization. In a hands-on lab, the attendees will construct proof-ofconcept exploits targeting mobile platforms (based on ARM).