NOZZLE: A Defense Against Heap- spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Benjamin Livshits, Microsoft Research Benjamin Zorn, Microsoft Research USENIX Security Symposium 2009 A Presentation at Advanced Defense Lab
Feb 23, 2016
NOZZLE: A Defense Against Heap-spraying Code Injection Attacks
NOZZLE: A Defense Against Heap-spraying Code Injection AttacksParuj Ratanaworabhan, Cornell UniversityBenjamin Livshits, Microsoft ResearchBenjamin Zorn, Microsoft ResearchUSENIX Security Symposium 2009
A Presentation at Advanced Defense Lab1OutlineIntroduce to Heap SprayNozzle ArchitectureDesignImplementEvaluationLimitation2Advanced Defense Lab2HeapMemory CorruptionAdvanced Defense Lab3MemoryCorruptionNOP SledShellcodeStack overflow, Heap overflow, Double free, Dangling pointer,With many mechanism for stack protection3HeapHeap SprayAdvanced Defense Lab4MemoryCorruptionHeap is less predictable, and some mechanism for randomizing the heap layoutNOP SledShellcodeNOP SledShellcodeNOP SledShellcodeNOP SledShellcode
shellcode = unescape("%u4343%u4343%...''); oneblock = unescape("%u0C0C%u0C0C"); var fullblock = oneblock; while (fullblock.length