Arbitrary Code Mitigations and Remote Procedure Code Reuse Attacks
In an effort to increase exploit development costs, Microsoft released several mitigations that attempt to prevent attackers from achieving arbitrary code execution in the context of the protected process. What these mitigations currently prevent, however, is the execution of injected code; attackers can still construct arbitrarily complex payloads by means of code reuse techniques. While current techniques tend to make pure code reuse payloads difficult to write and target-specific, in this talk we will see how attackers may adopt a Remote Procedure Call-based exploitation model to easily construct complex, modular, maintainable, and target-independent payloads with minimal code reuse, keeping their exploit development costs relatively low even when lacking code injection capabilities.
Security researcher in the Information and Communication Technology Security Program (STIC) at the Dr. Manuel Sadosky Foundation, Argentina. The goal of STIC is to strengthen and promote all matters pertaining to ICT security. Since joining the team, he has focused mostly on researching memory-corruption-based attacks and their mitigations, but he has also developed free and publicly available educational content, presented a workshop on software exploitation techniques, and participated in the organization of the Sadosky Foundation's Capture the Flag competition for students and other people willing to develop technical skills to begin their careers in security.