Pass the PMP® Exam on Your First Try — Expert-Led Training
Free courses from frontend to fullstack and AI
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a groundbreaking presentation on identifying syscall-guard variables for data-only attacks. Delve into the challenges of control-flow protection techniques and the emergence of data-only attacks that corrupt critical non-control data. Learn about the innovative "branch force" method that intentionally flips conditional branches to detect security-related syscalls. Discover how the VIPER tool implements these ideas, successfully identifying 34 previously unknown syscall-guard variables across 13 programs. Gain insights into four new data-only attacks on sqlite and v8, demonstrating the ability to execute arbitrary commands or delete files. Understand the practicality and efficiency of this approach in spotting syscall-guard variables, with analysis completed within five minutes for most programs.
Syllabus
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
Taught by
Black Hat