>I'm focusing on, the /GS flag in Visual Studio 2005, ASLR (Address
>Space Layout Randomization) and DEP (Data Execution Prevention).
>Since I'm not a security expert I can't see any way that I might be
>able to circumvent any of those (even less so all of them together)
>but I know there are people working with these kinds of things
>(whatever their intentions are) so what I'm asking is, if there are
>any known and published stack smashing/buffer overflow attacks that
>can successfully circumvent the techniques mentioned above (either
>just one of them or a combination).
1. /GS stack-guard protection places a canary before the frame pointer/stack
pointer.
A change in the canary value results in a security error.
The issue: /GS protects arrays ONLY; you can also exploit BOs that are not
on the stack.
2. ASLR - changes the mapping of DLLs, stack, heap (randomness).
Hardcoded-address-based attack prevention technique. How do we get past ASLR?
We take advantage of so-called heap spraying (suggested reading!).
3. ASLR and DEP bypassing - usage of heap spraying; the exploit jumps to
existing DEP-disable code, and the payload is executed.
If you have any doubts, please feel free to contact me at:
sapheal<at>hack<dot>pl.
Hope I helped,
Michal Bucko
sapheal.hack.pl
HACKPL Security Labs
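The three points in the reply above, as an added example that is not part of the original post or of HACKPL's material: a small, safe C model of (1) a /GS-style cookie catching a linear stack-array overflow, (2) the same copy bug in a heap object where no cookie sits between the buffer and a function pointer, and (3) why a heap spray removes the need for the exact address ASLR hides. Nothing attacker-controlled is executed; the corrupted pointer is only compared, never called, and "execution" through the sprayed region is simulated by stepping over NOP bytes. The struct layouts, GS_COOKIE, the 0x90 sled byte, the 0xCC payload marker and the fixed-seed LCG are assumptions chosen for illustration, not Visual Studio's actual cookie or any real exploit.

```c
/* Added example, not from the original post. Safe model of /GS, of a heap
 * overflow /GS does not see, and of heap spraying. Layouts and constants
 * below are illustrative assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. /GS model: the cookie sits between the local array and the saved
 *    return address, so a linear overflow of buf hits the cookie first. */
#define GS_COOKIE 0xC0DEBABEu

struct gs_frame {
    char      buf[16];
    uint32_t  cookie;      /* security cookie written by the prologue */
    uintptr_t saved_ret;   /* stands in for the saved return address  */
};

/* Copy len bytes into buf, checking only the frame size (so the model stays
 * inside its own object), not sizeof buf: that missing check is the bug.
 * Then run the /GS epilogue check. Returns 1 if the cookie changed (a real
 * /GS build would terminate the process), 0 if intact, -1 if len > frame. */
int gs_stack_copy(const char *input, size_t len) {
    struct gs_frame f;
    if (len > sizeof f) return -1;
    f.cookie = GS_COOKIE;
    f.saved_ret = 0x1000;
    memcpy((unsigned char *)&f + offsetof(struct gs_frame, buf), input, len);
    return f.cookie != GS_COOKIE;            /* epilogue: cookie compare */
}

/* 2. Not covered by /GS: a heap object whose function pointer follows a
 *    buffer with no cookie in between. */
typedef void (*handler_fn)(void);
static void benign_handler(void) { }

struct heap_obj {
    char       name[16];
    handler_fn on_event;   /* reached by any write past 16 bytes of name */
};

/* Same copy bug on the heap. Returns 1 if the pointer was silently changed
 * (nothing detected it), 0 if it survived, -1 on failure. Never calls it. */
int heap_overflow_changes_pointer(const char *input, size_t len) {
    struct heap_obj *o = malloc(sizeof *o);
    if (!o) return -1;
    if (len > sizeof *o) { free(o); return -1; }
    o->on_event = benign_handler;
    memcpy((unsigned char *)o + offsetof(struct heap_obj, name), input, len);
    int changed = o->on_event != benign_handler;
    free(o);
    return changed;
}

/* 3. Heap spray model: many blocks of NOP sled, each ending in a marker
 *    byte that stands in for the payload. A jump to any address inside the
 *    region slides down a sled to a marker, so the exact address is moot. */
#define NOP          0x90
#define PAYLOAD_MARK 0xCC
#define SLED_LEN     4096
#define NUM_BLOCKS   64

/* Build the sprayed region (caller frees); *out_len receives its size. */
unsigned char *build_spray(size_t *out_len) {
    size_t block = SLED_LEN + 1;
    unsigned char *region = malloc(block * NUM_BLOCKS);
    if (!region) return NULL;
    for (size_t b = 0; b < NUM_BLOCKS; b++) {
        memset(region + b * block, NOP, SLED_LEN);
        region[b * block + SLED_LEN] = PAYLOAD_MARK;
    }
    *out_len = block * NUM_BLOCKS;
    return region;
}

/* Simulate starting execution at offset: step over NOPs and return the first
 * other byte (PAYLOAD_MARK = payload reached), or -1 if we ran off the end. */
int spray_land(const unsigned char *region, size_t len, size_t offset) {
    while (offset < len && region[offset] == NOP) offset++;
    return offset < len ? region[offset] : -1;
}

/* Count how many of trials pseudo-random jump targets reach the marker.
 * A fixed-seed LCG keeps the result reproducible. */
int spray_hits(const unsigned char *region, size_t len, int trials) {
    uint32_t x = 12345u;
    int hits = 0;
    for (int i = 0; i < trials; i++) {
        x = x * 1103515245u + 12345u;
        if (spray_land(region, len, x % len) == PAYLOAD_MARK) hits++;
    }
    return hits;
}

int main(void) {
    char big[64];
    memset(big, 'A', sizeof big);            /* constructed overflow input */
    printf("/GS cookie changed: 5-byte copy %d, 20-byte copy %d\n",
           gs_stack_copy(big, 5), gs_stack_copy(big, 20));
    printf("heap pointer changed, undetected: %d\n",
           heap_overflow_changes_pointer(big, 24));
    size_t n;
    unsigned char *spray = build_spray(&n);
    unsigned char *ctrl = calloc(n, 1);      /* no sled, one marker at the end */
    if (!spray || !ctrl) { free(spray); free(ctrl); return 1; }
    ctrl[n - 1] = PAYLOAD_MARK;
    printf("random targets reaching payload: sprayed %d/1000, unsprayed %d/1000\n",
           spray_hits(spray, n, 1000), spray_hits(ctrl, n, 1000));
    free(spray); free(ctrl);
    return 0;
}
```

The copies are done through a byte pointer to the whole struct so the out-of-bounds write stays defined behaviour and the compiler cannot fold the cookie compare away; in a real binary the same corruption comes from an unchecked copy into the array itself.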