“Weird machines” in ELF: A spotlight on the underappreciated metadata

7th USENIX Workshop on Offensive Technologies, WOOT 2013

Volumn , Issue , 2013, Pages

  Shapiro, Rebecca ^a   Bratus, Sergey ^a   Smith, Sean W ^a  

^a DARTMOUTH COLLEGE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DIGITAL STORAGE; METADATA; STATIC ANALYSIS;

DATA SECTIONS; DESIGN AND IMPLEMENTATIONS; NATIVE CODE; PROOF OF CONCEPT; RUNTIMES; SHELLCODE; TURING-COMPLETE;

CODES (SYMBOLS);

EID: 85084161911     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (45)

1. Brainfuck. http://esolangs.org/wiki/brainfuck.
2. ERESI Project. http://www.eresi-project.org.
3. ALBERTINI, A. Corkami reverse engineering & visual documentations. http://code.google.com/p/corkami/.
4. ANONYMOUS AUTHOR. Once upon a free(). Phrack 57:9. http://phrack.org/issues.html?issue=57&id=9.
5. ARGYROUDIS, P., AND KARAMITAS, C. Heap Exploitation. Abstraction by Example. OWASP AppSecResearch, 2012. http://census- labs.com/media/ heap- owasp- appsec- 2012.pdf.
6. BRATUS, S. Hackers and Computer Science: What Hacker Research Taught Me. 27th Chaos Communications Congress, December 2010. http://events.ccc.de/congress/2010/Fahrplan/events/3983.en.html.
7. BRATUS, S., BANGERT, J., GABROVSKY, A., SHUBINA, A., BILAR, D., AND LOCASTO, M. E. Composition Patterns of Hacking. The First International Workshop on Cyberpatterns Unifying Design Patterns with Security, Attack and Forensic Patterns, July 2012.
8. BRATUS, S., LOCASTO, M. E., PATTERSON, M. L., SASSAMAN, L., AND SHUBINA, A. Exploit Programming: from Buffer Overflows to “Weird Machines” and Theory of Computation. ;login: (December 2011).
9. CESARE, S. Runtime Kernel kmem Patching. http://althing.cs.dartmouth.edu/local/vsc07.html.
10. CESARE, S. Shared Library Call Redirection via ELF PLT Infection, Dec 2000.
11. CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-control-data attacks are realistic threats. In In USENIX Security Symposium (2005), pp. 177–192.
12. CHURCHILL, A. Magic Turing Machine v5: Rotlung Reanimator / Chancellor of the Spires. http://www.toothycat.net/∼hologram/Turing/HowItWorks.html.
13. CODE FOX. SignElf. http://sourceforge.net/projects/signelf/.
14. DULLIEN, T. Exploitation and state machines: Programming the”weird machine”, revisited. In Infiltrate Conference (Apr 2011).
15. DULLIEN, T., KORNAU, T., AND WEINMANN, R.-P. A Framework for Automated Architecture-Independent Gadget Search. In USENIX WOOT (August 2010).
16. EAGLE, C. Ripples in the Gene Pool - Creating Genetic: Mutations to Survive the Vulerability Window. Defcon 14, August 2006.
17. ELITHEELI. “stupid machines”. https://github.com/elitheeli/stupid-machines.
18. FORREST, S., SOMAYAJI, A., AND ACKLEY, D. Building diverse computer systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI) (Washington, DC, USA, 1997), HOTOS’97, IEEE Computer Society, pp. 67–.
19. GEER, D. CyberInsecurity: The Cost of Monopoly. Computer and Communications Industry Association (CCIA) report, 2003.
20. GLÜCKSMANN, I. Injecting custom payload into signed Windows executables Analysis of the CVE-2012-0151 vulnerability. ReCON, June 2012. http://recon.cx/2012/schedule/events/246.en.html.
21. GRUGQ, AND SCUT. Armouring the ELF: Binary encryption on the UNIX platform. Phrack 58:5. http://phrack.org/issues.html?issue=58&id=5.
22. HUKU, AND ARGP. The Art of Exploitation: Exploiting VLC, a jemalloc Case Stud y. Phrack Magazine 68, 13 (Apr 2012).
23. HUND, R., HOLZ, T., AND FREILING, F. C. Return-oriented rootkits: bypassing kernel code integrity protection mechanisms. In Proceedings of the 18th USENIX Security Symposium (2009), USENIX Association, pp. 383–398.
24. JP. Advanced Doug Lea’s malloc Exploits. Phrack 61:6. http://phrack.org/issues.html?issue=61&id=6.
25. KLOG. Backdooring Binary Objects. Phrack 56:9. http://phrack.org/issues.html?issue=56&id=9.
26. KORNAU, T. A gentle introduction to return-oriented programming. http://blog.zynamics.com/2010/03/12/, March 2010. Zynamics blog.
27. LEVINE, J. Linkers and Loaders. The Morgan Kaufmann Series in Software Engineering and Programming, 1999.
28. MATZ, M., HUBICKA, J., JAEGER, A., AND MITCHELL, M. System V Application Binary Interface AMD64 Architecture Processor Supplement Draft Version 0.96, June 2005. http://www.uclibc.org/docs/psABI-x86_64.pdf.
29. MAXX. Vudo malloc Tricks. Phrack 57:8. http://phrack.org/issues.html?issue=57&id=8.
30. MAYHEM. The Cerberus ELF Interface. Phrack 61:8. http://phrack.org/issues.html?issue=61&id=8.
31. MAYHEM. Understanding Linux ELF RTLD internals. http://s.eresi-project.org/inc/articles/ elf-rtld.txt, Dec 2002.
32. NERGAL. The Advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine 58, 4 (Dec 2001).
33. OAKLEY, J., AND BRATUS, S. Exploiting the Hard-Working DWARF: Trojan and Exploit Techniques with No Native Executable Code. In USENIX WOOT (2011), pp. 91–102.
34. ONE, A. Smashing the Stack for Fun and Profit. Phrack 49:14. http://phrack.org/issues.html?issue=49&id=14.
35. PATTERSON, M. L., AND BRATUS, S. The Science of Insecurity. 28th Chaos Communications Congress, December 2011. http://langsec.org/.
36. REDPANTZ. The Art of Exploitation: MS IIS 7.5 Remote Heap Overflow. Phrack Magazine 68, 12 (Apr 2012).
37. RICHARTE, G. Re: Future of Buffer Overflows. Bugtraq, October 2000. http://seclists.org/bugtraq/2000/Nov/32.
38. ROEMER, R., BUCHANAN, E., SHACHAM, H., AND SAVAGE, S. Return-oriented programming: Systems, languages, and applications. ACM Trans. Inf. Syst. Secur. 15, 1 (Mar. 2012), 2:1–2:34.
39. SD, AND DEVIK. Linux On-the-fly Kernel Patching without LKM, Dec 2001.
40. SHACHAM, H. The Geometry of Innocent Flesh on the Bone: return-into-libc without Function Calls. In ACM Conference on Computer and Communications Security (2007), pp. 552–561.
41. SHELL CREW, T. E. Embedded ELF Debugging: the middle head of Cerberus. Phrack 63:9. http://phrack.org/issues.html?issue=63&id=9.
42. SKAPE. ELF binary signing and verification. ttp://www.hick.org/code/skape/papers/elfsign.txt, January 2003.
43. SKAPE. Locreate: an Anagram for Relocate. Uninformed 6 (Jan 2007).
44. THE GRUGQ. Cheating the ELF: Subversive Dynamic Linking to Libraries. althing.cs.dartmouth.edu/local/ subversiveld.pdf.
45. VELDHUIZEN, T. L. C++ Templates are Turing Complete. http://ubietylab.net/ubigraph/content/Papers/pdf/CppTuring.pdf. Indiana University Computer Science.