Monday, September 6, 2010

JIT Spraying and Mitigations

http://www.piotrbania.com/all/articles/pbania-jit-mitigations2010.pdf
(Mirror Link - http://kryptoslogic.com/download/JIT_Mitigations.pdf)

Abstract

With the discovery of new exploit techniques, novel protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for exploitation. Attackers, however, have recently researched new exploitation methods which are ca- pable of bypassing the operating system’s memory mitigations. One of the newest and most popu- lar exploitation techniques to bypass both of the aforementioned security protections is JIT memory spraying, introduced by Dion Blazakis.

In this article we will present a short overview of the JIT spraying technique and also novel mitigation methods against this innovative class of at- tacks. An anti-JIT spraying library was created as part of our shellcode execution prevention system.


---------------------------------------------------------------------

Hat-tip to HD Moore for the link.

No comments:

Post a Comment