Open Advanced Windows Exploitation

Our Old Foes

DEP and ASLR, our old foes, pose significant challenges for exploit developers. These formidable defences thwart traditional memory-based exploits, making it harder to execute malicious code.

Reviewing DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) is important to understanding their impact on system security. If you have studied the Offensive Security EXP-301: Windows User Mode Exploit Development course or similar, DEP and ASLR should already be familiar to you.

DEP is a defense mechanism that prevents the execution of code in non-executable memory regions, hindering certain memory-based attacks.

ASLR, on the other hand, randomizes the memory layout of processes, making it challenging for exploit developers to predict memory addresses accurately.

To bypass these defenses, we need to explore return-oriented programming (ROP), which involves chaining together small snippets of existing executable code (called gadgets) that live either in non-randomised regions, or at known offsets within randomised regions once a base address is known, to execute our malicious payloads.
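Whether a given module actually opts into DEP and ASLR is recorded in its PE headers, so the first thing to audit on a system is which loaded images lack those flags. The following added example (my own code, not part of this book) parses the COFF and optional headers and reports the DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE, HIGH_ENTROPY_VA) opt-in bits; the `build_sample_pe` helper constructs a minimal, non-loadable header purely so the parser can be exercised offline.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE specification (winnt.h)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR may use the full address space
DYNAMIC_BASE    = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT       = 0x0100   # image is DEP compatible
# IMAGE_FILE_RELOCS_STRIPPED in the COFF Characteristics field
RELOCS_STRIPPED = 0x0001   # no .reloc data, so the image cannot be moved


def mitigation_report(image: bytes) -> dict:
    """Parse PE headers and report which of DEP/ASLR this image opts into."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    characteristics = struct.unpack_from("<H", image, coff + 18)[0]
    opt = coff + 20                          # optional header follows COFF
    magic = struct.unpack_from("<H", image, opt)[0]
    pe32plus = magic == 0x20B                # 0x10B = PE32, 0x20B = PE32+
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts
    dllchars = struct.unpack_from("<H", image, opt + 70)[0]
    dynamic_base = bool(dllchars & DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & RELOCS_STRIPPED)
    return {
        "pe32plus": pe32plus,
        "dep": bool(dllchars & NX_COMPAT),
        # DYNAMIC_BASE is meaningless if the loader has no relocations to apply
        "aslr": dynamic_base and not relocs_stripped,
        "high_entropy_va": pe32plus and bool(dllchars & HIGH_ENTROPY_VA),
        "aslr_flag_but_no_relocs": dynamic_base and relocs_stripped,
    }


def build_sample_pe(dllchars: int, characteristics: int = 0,
                    pe32plus: bool = True) -> bytes:
    """Constructed minimal header (not loadable) used only to test the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       1, 0, 0, 0, 240, characteristics)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

The per-image flags are only half the picture: a system-wide Exploit Protection policy can force ASLR or DEP on images that did not opt in, so compare the header result against the effective process policy when auditing a live machine.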

The next two sections will serve as a reminder of DEP and ASLR.


Last updated 1 year ago