
20 May 2014

Comments

Markwo: The binary isn't position-independent. This technique doesn't work with PIE since we wouldn't know the address of PLT beforehand. With a position-dependent executable and ASLR, the position of the stack, heap, and libc are still randomized. Note also that the binary was compiled using -fno-stack-protector, so stack canaries are also not present.

It doesn't look like your app was compiled & linked as position-independent code, so ASLR is not enforced?
