Our Old Foes

DEP and ASLR, our old foes, pose significant challenges for exploit developers. Together they defeat the classic approach of overwriting a return address with the location of shellcode placed on the stack or heap: DEP stops that shellcode from executing, and ASLR stops us from knowing where it, or anything else in the process, lives.

Reviewing DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) is a useful starting point for understanding how they shape exploitation. If you have studied the Offensive Security EXP-301: Windows User Mode Exploit Development course or similar, DEP and ASLR should already be familiar to you.

DEP is a defence mechanism that marks memory regions intended to hold data, such as the stack and heap, as non-executable (enforced in hardware by the processor's NX/XD bit). Code injected into those regions cannot be executed directly, which breaks any exploit that relies on jumping to shellcode.

ASLR, on the other hand, randomises the base addresses of a process's executable image, loaded DLLs, stack and heap, so an exploit developer cannot hard-code the address of code or data and expect it to hold across runs or machines.

To bypass these defences we turn to return-oriented programming (ROP), which chains together small snippets of existing executable code (called gadgets), each ending in a ret instruction. Because gadgets already live in executable memory, DEP is not triggered. Their addresses come either from modules loaded at fixed, non-randomised bases, or from randomised modules whose base we recover at run time (for example from a leaked pointer) and to which we add each gadget's known offset. Chained together, the gadgets execute our malicious payload.
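As an added worked example, not code from the original page or the course, the following Python shows the addressing side of that paragraph for 32-bit Windows: a gadget in a non-ASLR module is addressed as fixed base plus offset, a gadget in an ASLR module is addressed by first recovering the randomised base from a leaked export pointer and then adding the offset, and the resulting chain is packed little-endian and scanned for bad characters. Every module, base, RVA and leaked address below is a constructed value for illustration, not taken from any real binary.

```python
import struct

# Constructed sample data: two hypothetical modules in the target process.
# All bases and offsets (RVAs) are made up for this example.

# Module compiled without ASLR: its base is fixed, so a gadget's address is
# simply the fixed base plus the gadget's RVA.
NON_ASLR_MODULE = {
    "base": 0x10000000,              # classic default image base for a DLL
    "gadgets": {
        "pop_eax_ret": 0x1234,       # pop eax ; ret
        "xchg_eax_esp_ret": 0x2345,  # xchg eax, esp ; ret
    },
}

# Module with ASLR: the base differs between machines/boots, so gadget
# addresses must be recomputed from a leaked pointer at run time.
ASLR_MODULE = {
    "exports": {"VirtualProtect": 0x1A2B0},  # RVA of an export we can leak
    "gadgets": {"pop_ecx_ret": 0x5678},       # pop ecx ; ret
}


def rebase_from_leak(module, export_name, leaked_va):
    """Recover the randomised module base from a leaked export address.

    base = leaked virtual address - RVA of that export. Windows image bases
    are 64 KiB aligned, so a non-aligned result means the leak or the RVA
    belongs to a different module or version.
    """
    base = leaked_va - module["exports"][export_name]
    if base & 0xFFFF:
        raise ValueError(f"base 0x{base:08x} is not 64 KiB aligned; wrong leak or wrong RVA")
    return base


def gadget_va(module, base, name):
    """Absolute address of a gadget = module base + gadget RVA."""
    return base + module["gadgets"][name]


def build_chain(words):
    """Pack 32-bit values (gadget addresses and arguments) as they must
    appear on the x86 stack: little-endian, 4 bytes each."""
    return b"".join(struct.pack("<I", w) for w in words)


def find_bad_chars(chain, bad_chars=b"\x00"):
    """Return offsets in the chain holding a byte the input path will not
    carry (e.g. a NUL terminator); such gadgets need a replacement."""
    return [i for i, b in enumerate(chain) if b in bad_chars]


def example_chain(leaked_virtualprotect=0x75A4A2B0):
    """Assemble a small chain mixing a fixed-base gadget and a rebased one.

    The constructed leak 0x75A4A2B0 stands for a VirtualProtect pointer read
    out of the target through some info-leak primitive.
    """
    aslr_base = rebase_from_leak(ASLR_MODULE, "VirtualProtect", leaked_virtualprotect)
    words = [
        gadget_va(NON_ASLR_MODULE, NON_ASLR_MODULE["base"], "pop_eax_ret"),
        0x41414141,  # value popped into eax (placeholder)
        gadget_va(ASLR_MODULE, aslr_base, "pop_ecx_ret"),
        0x42424242,  # value popped into ecx (placeholder)
    ]
    return aslr_base, build_chain(words)


if __name__ == "__main__":
    base, chain = example_chain()
    print(f"ASLR module rebased to 0x{base:08x}")
    print("chain:", chain.hex(" ", 4))
    print("bad-char offsets:", find_bad_chars(chain))
```

Note that the non-ASLR gadget at 0x10001234 carries a NUL byte, which is exactly the kind of problem that forces you to pick a different gadget or module once the input path is a C string; the alignment check in rebase_from_leak catches the equally common mistake of pairing a leak with RVAs from the wrong module version.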

The next two sections will serve as a reminder of DEP and ASLR.
