> Dr. Sergey Bratus did an excellent job of looking at how there is NO WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
Really? What about the information that Control Flow Guard generates? Then there's a map of "for each indirect branch, these are the allowable targets of that indirect branch." It seems that any control flow integrity system builds and describes some approximation of the "standard execution paths of a program" by design. Of course even if you get "execution path" right it doesn't even capture stuff like side channels, which I guess is what Bratus is talking about when he says "Advanced exploitation is rapidly becoming synonymous with the system operating exactly as designed — and yet getting manipulated by attackers" although I don't know if "attacks from the 70s" are really "advanced" ... On 12/09/2015 02:30 PM, Dave Aitel wrote: > http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html > > You should read that probably. Basically everyone on this list is > effected by those issues. > > -dave > > > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave > _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
