The official hash tag for HITBSecConf2010 - Amsterdam is #HITB2010AMS

Alexey Sintsov (Security Researcher, Digital Security)

Presentation Title: JIT-SPRAY Attacks & Advanced Shellcode

Presentation Abstract:

The new versions of browsers (Internet Explorer 8 and Firefox 3.5) use permanent DEP, and new versions of the OS use the ASLR mechanism. All this makes the old attack methods impossible.

But at BlackHat DC 2010 an interesting way to bypass DEP and ASLR in browsers (and not only browsers) through Just-In-Time compilers was presented. The method is called JIT-SPRAY, but no public PoC was released.

This presentation discloses various problems of JIT shellcode development and shows solutions for them. We will also present a JIT-SPRAY technique for DEP and ASLR bypass in Internet Explorer 8, Firefox 3.6, Acrobat Reader and others, with working examples, and demonstrate how to use Metasploit shellcode in these kinds of attacks. A universal shellcode (WinXP/Win2008/Win7) and methods that make the JIT-SPRAY attack faster will also be presented.

About Alexey

Alexey Sintsov graduated in 2008 from Saint-Petersburg State Polytechnical University (www.spbstu-eng.ru) and now works at Digital Security, the leading IT security company in Russia. His daily work involves security audits, penetration tests and security research for the Digital Security Research Group (www.dsecrg.com). He has written articles for XAKEP magazine (www.xakep.ru) and led their “Exploits Review” column in the past. He has also been posting vulnerabilities to the Bugtraq mailing list since 2001 and has found several 0-days in the Russian Internet banking system.