That's cool... I'd like to see more about using ROP chains or other methods to bypass DEP+ASLR in one go, rather than just taking out one protection. Pretty nice read. Cheers xD
2011/10/12 Stéfan LE BERRE <[email protected]>
> Hi !
>
> I have recently discovered a method to bypass Windows 7 kernel ASLR.
>
> You can find the paper here:
> http://www.nes.fr/docs/NES-BypassWin7KernelAslr.pdf
>
> In this paper I explain every step to code an exploit with a useful kernel
> ASLR bypass. I perform successful exploitations on Windows 7 SP0 / SP1.
>
> Good reading,
>
> Best regards,
>
> LE BERRE Stefan.
> IT Security Researcher
> NES http://www.nes.fr – http://ww.nes.fr/securitylab/
> 46 rue de provence
> 75009 PARIS
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
