Version v0.1

lecture: Writing an exploit is easier than you think

Introduction to some attack and defense techniques


As an exercise we take a standard buffer overflow vulnerability discovered by Denis Andzakovic in the earlier version 6.14 of the TestDisk utility, and show how we can turn it, in several steps, into an exploit that is capable of bypassing all the mitigations of Microsoft EMET.

You know the old saying: a picture is worth a thousand words. But to give some detail, we will discuss the following defenses and attacks:

  • No protection vs Direct code execution on the stack
  • Data Execution Prevention (DEP) vs Return Oriented Programming (ROP)
  • MemProtect (EMET) vs Using VirtualAlloc to put the shellcode elsewhere
  • Caller (EMET) vs Call-preceded gadgets
  • SimExec (EMET) vs "Jump in the middle" gadgets
  • EAF (EMET) vs Using a library to read the Export Address Table
  • All protection of EMET vs Modification of existing code
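The bug class the talk starts from is a fixed-size stack buffer filled by an unchecked copy. The following C snippet is an added illustration of that class and of its straightforward fix; it is not TestDisk's code, not from the talk, and the field name, NAME_LEN and the copy_name_* functions are assumptions made for the example:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field; an assumption for this example, not TestDisk's. */
#define NAME_LEN 32

/* The vulnerable pattern: a stack buffer of NAME_LEN bytes filled with an
 * unchecked strcpy. Any src longer than NAME_LEN - 1 bytes writes past the
 * end of 'name' and corrupts whatever the compiler placed after it on the
 * stack. Shown only to make the defect visible; never feed it untrusted input. */
void copy_name_unchecked(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);              /* no length check: this is the overflow */
    (void)name;
}

/* Hardened form: the destination size travels with the pointer and an input
 * that would not fit is refused rather than silently truncated, so the bug
 * becomes a handled error instead of memory corruption.
 * Returns 0 on success, -1 when src plus its terminating NUL exceeds dstsz. */
int copy_name_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;                  /* would overflow: reject, leave dst untouched */
    memcpy(dst, src, n + 1);        /* n + 1 also copies the terminating NUL */
    return 0;
}

/* Convenience wrapper with the same NAME_LEN field as the vulnerable version:
 * returns 1 if the checked copy accepts src, 0 if it rejects it. */
int name_fits(const char *src)
{
    char name[NAME_LEN];
    return copy_name_checked(name, sizeof name, src) == 0;
}

int main(void)
{
    /* Constructed sample inputs: 31 characters fit (plus NUL = 32), 40 do not. */
    const char *ok  = "0123456789012345678901234567890";
    const char *bad = "0123456789012345678901234567890123456789";

    copy_name_unchecked(ok);        /* fine only because the input happens to fit */
    printf("31-byte name accepted by checked copy: %d\n", name_fits(ok));   /* 1 */
    printf("40-byte name accepted by checked copy: %d\n", name_fits(bad));  /* 0 */
    return 0;
}
```

The point of the fix is the failure mode: the checked copy reports an error and leaves the destination unchanged, whereas the unchecked copy keeps writing. Compilers and hardened C libraries catch some of these at build time, but the length check is what removes the bug class itself.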


Day: 2015-07-11
Start time: 18:20
Duration: 00:40
Room: Egressy


