Submit Search
Upload
09 - ROP countermeasures, can we fix this?
•
0 likes
•
687 views
A
Alexandre Moneger
Follow
* Possible mitigations * Compiler and OS protection mitigations
Read less
Read more
Engineering
Report
Share
Report
Share
1 of 7
Recommended
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
Alexandre Moneger
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
Alexandre Moneger
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
Alexandre Moneger
Design and implementation_of_shellcodes
Design and implementation_of_shellcodes
Amr Ali
Linux Shellcode disassembling
Linux Shellcode disassembling
Harsh Daftary
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days
Alexandre Moneger
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack
Alexandre Moneger
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
Recommended
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
Alexandre Moneger
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
Alexandre Moneger
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
Alexandre Moneger
Design and implementation_of_shellcodes
Design and implementation_of_shellcodes
Amr Ali
Linux Shellcode disassembling
Linux Shellcode disassembling
Harsh Daftary
03 - Refresher on buffer overflow in the old days
03 - Refresher on buffer overflow in the old days
Alexandre Moneger
02 - Introduction to the cdecl ABI and the x86 stack
02 - Introduction to the cdecl ABI and the x86 stack
Alexandre Moneger
08 - Return Oriented Programming, the chosen one
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
sanghwan ahn
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
A Stealthy Stealers - Spyware Toolkit and What They Do
A Stealthy Stealers - Spyware Toolkit and What They Do
sanghwan ahn
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
iCloud keychain
iCloud keychain
Alexey Troshichev
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
sanghwan ahn
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
sanghwan ahn
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
Return oriented programming (ROP)
Return oriented programming (ROP)
Pipat Methavanitpong
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
Cyber Security Alliance
深入淺出C語言
深入淺出C語言
Simen Li
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)
Patricia Aas
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Network security Lab manual
Network security Lab manual
Vivek Kumar Sinha
Network security mannual (2)
Network security mannual (2)
Vivek Kumar Sinha
Exploiting buffer overflows
Exploiting buffer overflows
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
Humantalk Angers 14 Mars
Humantalk Angers 14 Mars
Rémi Dubois
IT6712 lab manual
IT6712 lab manual
Madhu Amarnath
第1組 用款計畫
第1組 用款計畫
小四 曾
como insertar un power poin a tu blog
como insertar un power poin a tu blog
sdfbjkgfrfbjk
More Related Content
What's hot
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
sanghwan ahn
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
A Stealthy Stealers - Spyware Toolkit and What They Do
A Stealthy Stealers - Spyware Toolkit and What They Do
sanghwan ahn
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
iCloud keychain
iCloud keychain
Alexey Troshichev
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
sanghwan ahn
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
sanghwan ahn
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
Return oriented programming (ROP)
Return oriented programming (ROP)
Pipat Methavanitpong
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
Cyber Security Alliance
深入淺出C語言
深入淺出C語言
Simen Li
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)
Patricia Aas
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Network security Lab manual
Network security Lab manual
Vivek Kumar Sinha
Network security mannual (2)
Network security mannual (2)
Vivek Kumar Sinha
Exploiting buffer overflows
Exploiting buffer overflows
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
Humantalk Angers 14 Mars
Humantalk Angers 14 Mars
Rémi Dubois
IT6712 lab manual
IT6712 lab manual
Madhu Amarnath
What's hot
(20)
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
System Hacking Tutorial #3 - Buffer Overflow - Egg Hunting
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
A Stealthy Stealers - Spyware Toolkit and What They Do
A Stealthy Stealers - Spyware Toolkit and What They Do
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
iCloud keychain
iCloud keychain
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
System Hacking Tutorial #2 - Buffer Overflow - Overwrite EIP
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Return oriented programming (ROP)
Return oriented programming (ROP)
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
深入淺出C語言
深入淺出C語言
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
Chromium Sandbox on Linux (NDC Security 2019)
Chromium Sandbox on Linux (NDC Security 2019)
Zn task - defcon russia 20
Zn task - defcon russia 20
Network security Lab manual
Network security Lab manual
Network security mannual (2)
Network security mannual (2)
Exploiting buffer overflows
Exploiting buffer overflows
Humantalk Angers 14 Mars
Humantalk Angers 14 Mars
IT6712 lab manual
IT6712 lab manual
Viewers also liked
第1組 用款計畫
第1組 用款計畫
小四 曾
como insertar un power poin a tu blog
como insertar un power poin a tu blog
sdfbjkgfrfbjk
下一站 實習
下一站 實習
Xi-Zhe Lin
Prince_Kumar_JAVA_Developer
Prince_Kumar_JAVA_Developer
Prince nagsen
Detección de necesidades de capacitación
Detección de necesidades de capacitación
Narcizo Uc
contenia+cover+letter+present+one
contenia+cover+letter+present+one
Contenia Mathis
CyberLab CCEH Session - 11 Session Hijacking
CyberLab CCEH Session - 11 Session Hijacking
CyberLab
CyberLab CCEH Session -12 Hacking Webservers
CyberLab CCEH Session -12 Hacking Webservers
CyberLab
CyberLab CCEH Session - 1 Introduction to Ethical Hacking
CyberLab CCEH Session - 1 Introduction to Ethical Hacking
CyberLab
君山银针
君山银针
mikejiang
評析政府開放資料
評析政府開放資料
Audrey Tang
0910 線上問卷
0910 線上問卷
佩琪 羅
The 7 Shifts
The 7 Shifts
Brian Fitzgerald
國土治理的體制與挑戰
國土治理的體制與挑戰
cettw
Cehv8 - Module 09: Social Engineering.
Cehv8 - Module 09: Social Engineering.
Vuz Dở Hơi
2016.9.10 hackfoldr課
2016.9.10 hackfoldr課
佩琪 羅
The State of Food and Agriculture 2016
The State of Food and Agriculture 2016
FAO
Viewers also liked
(17)
第1組 用款計畫
第1組 用款計畫
como insertar un power poin a tu blog
como insertar un power poin a tu blog
下一站 實習
下一站 實習
Prince_Kumar_JAVA_Developer
Prince_Kumar_JAVA_Developer
Detección de necesidades de capacitación
Detección de necesidades de capacitación
contenia+cover+letter+present+one
contenia+cover+letter+present+one
CyberLab CCEH Session - 11 Session Hijacking
CyberLab CCEH Session - 11 Session Hijacking
CyberLab CCEH Session -12 Hacking Webservers
CyberLab CCEH Session -12 Hacking Webservers
CyberLab CCEH Session - 1 Introduction to Ethical Hacking
CyberLab CCEH Session - 1 Introduction to Ethical Hacking
君山银针
君山银针
評析政府開放資料
評析政府開放資料
0910 線上問卷
0910 線上問卷
The 7 Shifts
The 7 Shifts
國土治理的體制與挑戰
國土治理的體制與挑戰
Cehv8 - Module 09: Social Engineering.
Cehv8 - Module 09: Social Engineering.
2016.9.10 hackfoldr課
2016.9.10 hackfoldr課
The State of Food and Agriculture 2016
The State of Food and Agriculture 2016
Similar to 09 - ROP countermeasures, can we fix this?
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Alexandre Moneger
Power of linked list
Power of linked list
Peter Hlavaty
Getting started with IPv6
Getting started with IPv6
Private
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEV
Jasper Nuyens
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Yury Chemerkin
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
sonjeku1
ACI MultiPod 구성
ACI MultiPod 구성
Woo Hyung Choi
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
Vincent Batts
IPv6 in CloudStack Basic Networking
IPv6 in CloudStack Basic Networking
Wido den Hollander
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploits
Alexandre Moneger
secure lazy binding, and the 64bit time_t development process by Philip Guenther
secure lazy binding, and the 64bit time_t development process by Philip Guenther
eurobsdcon
The true story_of_hello_world
The true story_of_hello_world
fantasy zheng
ACI MultiPod Config Guide
ACI MultiPod Config Guide
Woo Hyung Choi
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
Alexandre Moneger
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Maximilan Wilhelm
Linux networking
Linux networking
Arie Bregman
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
Raphaël PINSON
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
IPv6 for Pentesters
IPv6 for Pentesters
camsec
Similar to 09 - ROP countermeasures, can we fix this?
(20)
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Power of linked list
Power of linked list
Getting started with IPv6
Getting started with IPv6
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEV
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
ACI MultiPod 구성
ACI MultiPod 구성
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
IPv6 in CloudStack Basic Networking
IPv6 in CloudStack Basic Networking
ROP ‘n’ ROLL, a peak into modern exploits
ROP ‘n’ ROLL, a peak into modern exploits
secure lazy binding, and the 64bit time_t development process by Philip Guenther
secure lazy binding, and the 64bit time_t development process by Philip Guenther
The true story_of_hello_world
The true story_of_hello_world
ACI MultiPod Config Guide
ACI MultiPod Config Guide
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Linux networking
Linux networking
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
IPv6 for Pentesters
IPv6 for Pentesters
Recently uploaded
multiple access in wireless communication
multiple access in wireless communication
panditadesh123
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
sdickerson1
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
Romil Mishra
Industrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal Compressors
AlirezaBagherian3
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
rnrncn29
Earthing details of Electrical Substation
Earthing details of Electrical Substation
stephanwindworld
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
Sneha Padhiar
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
jhunlian
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
Sneha Padhiar
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Erbil Polytechnic University
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument method
Manicka Mamallan Andavar
Research Methodology for Engineering pdf
Research Methodology for Engineering pdf
CaalaaAbdulkerim
Engineering Drawing section of solid
Engineering Drawing section of solid
namansinghjarodiya
Robotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdf
sahilsajad201
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
elesangwon
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
prachaibot
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
sandhya757531
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
Sneha Padhiar
Input Output Management in Operating System
Input Output Management in Operating System
Rashmi Bhat
Recently uploaded
(20)
multiple access in wireless communication
multiple access in wireless communication
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
Industrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal Compressors
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
『澳洲文凭』买麦考瑞大学毕业证书成绩单办理澳洲Macquarie文凭学位证书
Earthing details of Electrical Substation
Earthing details of Electrical Substation
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Stork Webinar | APM Transformational planning, Tool Selection & Performance T...
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument method
Research Methodology for Engineering pdf
Research Methodology for Engineering pdf
Engineering Drawing section of solid
Engineering Drawing section of solid
Robotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdf
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
SOFTWARE ESTIMATION COCOMO AND FP CALCULATION
Input Output Management in Operating System
Input Output Management in Operating System
09 - ROP countermeasures, can we fix this?
1.
ROP countermeasures Can
we fix this? Alex Moneger Security Engineer
2.
Position independent code
PIE: also referenced as full ASLR Randomization of base address of all segments No more gadgets to find: cisco@kali:~/src/seccon/ch9$ cc aslr.c -o aslr-pie -fpie -pie -ldl cisco@kali:~/src/seccon/ch9$ ./aslr-pie Stack base address: 0xbff3fcb4 Heap base address: 0xb975e008 Memcpy libc address: 0xb77339a0 Code section address: 0xb77bf786 Data section address: 0xb77c0af8 RO data section address: 0xb77bf880 cisco@kali:~/src/seccon/ch9$ ./aslr-pie Stack base address: 0xbfb20234 Heap base address: 0xb9082008 Memcpy libc address: 0xb76ff9a0 Code section address: 0xb778b786 Data section address: 0xb778caf8 RO data section address: 0xb778b880 © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3.
PIE continued
Can’t predict gadget addresses anymore Can still rely on ASLR bruteforcing Expensive at runtime (~ 25% overhead) Not widely used cisco@kali:~/src/seccon/ch9$ uname -a Linux kali 3.12-kali1-686-pae #1 SMP Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux cisco@kali:~/src/seccon/ch9$ sudo ~/bin/checksec.sh --proc-all | grep "PIE en" | sort -u atd 2423 Full RELRO Canary found NX enabled PIE enabled at-spi-bus-laun 24825 Full RELRO Canary found NX enabled PIE enabled bluetoothd 5965 Partial RELRO Canary found NX enabled PIE enabled dhclient 2839 Full RELRO Canary found NX enabled PIE enabled mysqld 5211 Full RELRO Canary found NX enabled PIE enabled openvpn 12791 Full RELRO Canary found NX enabled PIE enabled ssh-agent 3099 Full RELRO Canary found NX enabled PIE enabled sshd 3436 Full RELRO Canary found NX enabled PIE enabled Xorg 2468 Partial RELRO Canary found NX enabled PIE enabled © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
4.
GNU RELRO
Full RELRO (-Wl,-z,relro,-z,now) prevents PLT/GOT overwrites All functions are resolved at startup of the program Lazy binding is not possible anymore Does not prevent GOT dereferencing of course Not very useful © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
5.
Stack pivot detection
Check whether esp points into the stack Difficult to achieve (when to check?) Can still pivot inside the stack No known implementation (outside of research) © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
6.
Ret detection
Detect code doing many rets Difficult to check Can still use jmp instead (much harder) No known implementation (outside of research) © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
7.
Concerned about exploitation,
PIE is your only option © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7