It has been half a year since my last blog post, which covered an IDOR in a website API. Having switched my focus from websites to binaries, a new world has opened up to me. About time to write about something new and hopefully interesting!

The reason I switched is my passion for low-level engineering: reading through disassemblies, stepping through code as it executes in a debugger, memory corruption, and so on. Reverse engineering has always been a passion of mine, and binary exploitation comes pretty close to it. I got completely hooked during the Exploit Development Bootcamp, after which I treated myself to the Advanced class as well.

The reason I chose Adobe Reader is primarily that it is a well-known application that offers reasonable bounties, for example through submission to the ZDI. Also, my assumption was that it would be easier to find bugs in a PDF reader than in a browser like Chrome. I would say, to my knowledge, that Adobe Reader, Office and the well-known internet browsers are the top 5 best-known and hardest application targets in which to find exploitable vulnerabilities.

I told myself it would take quite some time to build a reliable exploit once I found a bug in Adobe Reader. Wow, did I underestimate this one! There are so many mitigations to work through once you have an exploitable crash. Amongst others: Data Execution Prevention (DEP: prevents your injected code from being executed), Address Space Layout Randomization (ASLR: where in memory is my code anyway?) and sandboxing (you need to escape this one; it limits what your code can do). It is hard to end up with reliable code execution.

But before you can start building an exploit, you need to trigger a bug, or multiple bugs: perhaps one to leak a DLL address to bypass ASLR and another that overwrites an exception handler address and triggers a crash. So how do you find these bugs? The answer is fuzzing.
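The mitigations listed above (DEP and ASLR, at least) are opt-in flags that each Windows module carries in its PE optional header, so the first thing a practitioner checks when assessing a target or hardening their own build is whether those bits are set. The script below is an added example, not code from the original post or from Adobe: it parses the `DllCharacteristics` field of a PE file and reports the mitigation flags. The `build_minimal_pe` helper constructs a synthetic header purely so the example runs offline; the flag values come from the PE/COFF specification.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR may use the full address space
    "DYNAMIC_BASE": 0x0040,     # image can be relocated at load time (ASLR)
    "NX_COMPAT": 0x0100,        # image is DEP-compatible
    "NO_SEH": 0x0400,           # image declares no structured exception handlers
    "GUARD_CF": 0x4000,         # Control Flow Guard instrumented
}

# The two flags the blog post's mitigations paragraph talks about.
REQUIRED = ("DYNAMIC_BASE", "NX_COMPAT")


def pe_mitigations(data: bytes) -> dict:
    """Return {flag_name: bool} for the DllCharacteristics of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # Optional header follows the 4-byte signature and the 20-byte COFF header.
    opt = e_lfanew + 4 + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {name: bool(dll_chars & bit) for name, bit in DLL_CHARACTERISTICS.items()}


def missing_mitigations(data: bytes) -> list:
    """Names of the DEP/ASLR opt-in flags that this image does not set."""
    flags = pe_mitigations(data)
    return [name for name in REQUIRED if not flags[name]]


def build_minimal_pe(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed, non-loadable PE header used only as sample input here."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    machine = 0x8664 if pe32plus else 0x14C
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # inspect a real module on disk
            sample = fh.read()
    else:  # constructed sample: DYNAMIC_BASE | NX_COMPAT set, rest clear
        sample = build_minimal_pe(0x0140)
    for name, enabled in pe_mitigations(sample).items():
        print(f"{name:16s} {'yes' if enabled else 'no'}")
    print("missing:", missing_mitigations(sample) or "none")
```

Run it with a path to any DLL or EXE to see that module's flags, or with no arguments to exercise the constructed header. Note the caveats: the sandbox is a process-level feature, not a header bit, so it does not show up here; and system policy (such as mandatory ASLR or DEP set to always-on) can enforce a mitigation on a module that has not opted in, so the flags describe what the binary requests, not necessarily what the loader enforces.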