ARM Exploitation: Return Oriented Programming (0x64 ∧ 0x6d) ∨ 0x69
Building ROP chains to defeat data execution prevention - DEP. This series is about exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP. There are three posts in this series. The posts got pretty dense, there is a lot of stuff to understand. If you miss anything, find bugs (language / grammar / ...), have ideas for improvements or any questions, do not hesitate to contact (via Twitter or contact page) me. I am happy to answer your questions and incorporate improvements in this post. Latest Update of this series: 03.12.2018 Changelog 03.12.2018: Added a working, prebuild environment to ease the process of getting started. 13.10.2018: Updated "Setup & Tool with hints how to initialize the Archlinux ARM keyring and commands to install the necessary packages. Also added command line switch to disable GCC stack canaries. 07.09.2018: Added note to successfully set up the bridge interface with qemu (in the first part). 1 - ARM Exploitation - Setup and Tools In the first part I describe the setup I used, which includes a set of script to build a QEMU based ArchLinux ARM environment and a vulnerable HTTP daemon.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Romana automates cloud native network creation and secures applications with a distributed firewall.
Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.
A tool for classifying packets into flows based on 4-tuple without additional processing.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
Safing Portmaster is an open-source application firewall that monitors network connections, blocks trackers system-wide, and allows custom filtering rules at both global and per-application levels.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.