The evolution of exploiting memory vulnerabilities in Linux
The evolution of exploiting memory vulnerabilities in Linux from OWASP 2023 Global AppSec DC
This talk will provide an in-depth exploration of the process of exploiting binary files and focuses on the outdated techniques used to exploit binary hardening in the past, the rise of binary hardening and the cutting edge exploiting techniques that developed to bypass them. It provides insight into the prevalence of binary hardening in real-world applications. The presentation begins with a brief overview of the ELF structure, laying the foundation for understanding the rest of the talk. It then delves into the various types of binary hardening techniques and provides a detailed explanation of each one. We then present the developed bypass binary hardening techniques along with real-world CVEs and PoCs used to attack binaries.
Finally, we will explore how binary hardening is implemented in common platforms and provide statistical data to offer insight into its prevalence in the wild. Attendees will come away with a comprehensive understanding of each type of binary hardening, the importance of implementing them, and the value of combining them to prevent the attacks discussed.
Ofri Ouzan
Security Researcher
Ofri Ouzan is an experienced Security Researcher who has been working in the field of cybersecurity for over four years. She specializes in conducting security research for Windows, Linux, cloud platforms, and containerized applications, with a focus on vulnerabilities. In addition to her research expertise, Ofri also develops automation tools in Python and Bash.
Among her notable accomplishments is the development of the open source tool MI -X, which she presented on the Black Hat Arsenal stage during the Black Hat USA 2022 and Black Europe USA 2022
Managed by the OWASP® Foundation
https://owasp.org/
by OWASP Foundation
linux foundation
