Understanding the Current Era of Binary Exploitation

Here are five talks I enjoyed in understanding the state-of-the-art in memory corruption strategies and exploit mitigations. This should be valuable to anyone who is moving from traditional “CTF-style” exploitation and wants to know what they’re up against in today’s era.

The Layman’s Guide to Zero-Day Engineering by @gaasedelen and @itszn13 is a talk on some of the meta observations, misconceptions, and advice that’s relevant to any modern & complex reversing project. Inspiring for those diving into the deep end.

The (Memory Corruption) Safety Dance by @mdowd summarizes the state-of-the-art in mitigations and how they’ve impacted discovery and development. Explains how a 3-tiered defensive approach has driven up costs, turning a 1-week effort into months.

Mitigation Bypass: The Past, Present, and Future by @f0rgetting makes us remember how easy exploitation once was then incrementally cranks up the complexity of strategies to what’s required today. Details various bypass techniques used over time.

Modern Windows Userspace Exploitation by @amarsaar concretizes elements from @f0rgetting’s talk by solving a single CTF challenge from a Win7 environment up to Win10 RS5. Illustrates how powerful OS mitigations have become without any change to the target codebase.

Lastly, Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape by @epakskape gives insight into the defensive perspective and layered strategy used to raise the bar for exploitation. Interesting data points on vulnerability trends.

In short, these talks share several themes: rising costs and timelines for vulnerability discovery and exploit development, the symmetry between layered defenses and the layered exploit chains needed to bypass them, and the asymmetry created by combining mitigations, whose joint strength further embrittles exploitation techniques.