We found an attack vector against memory deduplication in Virtual Machine Monitors (VMM) where attackers can effectively leak randomized base addresses of libraries and executables in processes of neighboring Virtual Machines (VM). The attack takes advantage of the well known memory deduplication side-channel.
Cross-VM Address-Space Layout INtrospection (CAIN)
30 Jul 2015
Bypassing non-executable memory, ASLR and stack canaries on x86-64 Linux
03 May 2014
This post will walk you through the exploitation of a vulnerable program on a modern x86-64 Linux system. The program was deliberately written vulnerable and we will bypass modern exploit mitigation techniques like non-executable memory, ASLR and stack canaries. The motivation of doing this is to get a basic understanding of how memory corruption vulnerabilities can be exploited on x86-64 Linux systems under the presence of a memory leak and a stack based buffer overflow.