%%
%% Example BibTeX file. The file includes most publications from the
%% Karlsruhe System Architecture Group. If you are using Emacs, it is
%% strongly suggested to use bibtex-mode for editing the entries.
%%
%%
%% Use predefined strings to help make BibTeX entries consistent.
%%
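%% Vulnerability listing for Windows 10 on cvedetails.com. The listing is a web
%% page cited by access month only; no publication date is recorded.
@online{CVE,
  author  = {{cvedetails.com}},
  title   = {{Windows} 10 Security Vulnerabilities},
  url     = {https://www.cvedetails.com/product/32238/Microsoft-Windows-10.html},
  urldate = {2020-07},
}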
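%% Shacham, CCS 2007. The DOI is the one embedded in the ACM link this entry
%% carried in its note field; a bare DOI is preferred over a resolver URL.
@inproceedings{geometry,
  author    = {Shacham, Hovav},
  title     = {The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)},
  booktitle = {Proceedings of the 14th {ACM} conference on Computer and communications security},
  year      = {2007},
  doi       = {10.1145/1315245.1315313},
}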
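%% WOOT 2012 paper on small gadget sets for return-oriented programming.
%% Proper nouns and acronyms are braced so sentence-casing styles keep them.
@inproceedings{gadgets,
  author       = {Homescu, Andrei and Stewart, Michael and Larsen, Per and Brunthaler, Stefan and Franz, Michael},
  title        = {Microgadgets: size does matter in {Turing}-complete return-oriented programming},
  booktitle    = {Proceedings of the 6th {USENIX} conference on Offensive Technologies},
  organization = {{USENIX} Association},
  year         = {2012},
  url          = {https://www.usenix.org/system/files/conference/woot12/woot12-final9.pdf},
}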
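%% Trend Micro PDF on Control Flow Guard. The team is a corporate author, so it
%% is braced as one name instead of being split into first/last parts.
%% NOTE(review): no publication year is recorded, and the link is plain HTTP,
%% so the PDF is fetched without transport integrity; prefer an HTTPS location
%% if the publisher offers one.
@article{cfgexplore,
  author  = {Tang, Jack and {Trend Micro Threat Solution Team}},
  title   = {Exploring control flow guard in {Windows} 10},
  journal = {Trend Micro Blog},
  url     = {http://sjc1-te-ftp.trendmicro.com/assets/wp/exploring-control-flow-guard-in-windows10.pdf},
}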
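%% Black Hat USA 2015 white paper. Black Hat is a conference, not a journal, so
%% the venue is stored in booktitle of a conference-paper entry.
@inproceedings{cfgbypass,
  author    = {Zhang, Yunhai},
  title     = {Bypass control flow guard comprehensively},
  booktitle = {Black Hat {USA}},
  year      = {2015},
  url       = {https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf},
}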
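%% improsec tech-blog post (the URL marks it as part II of a series).
%% No publication date is recorded; only the access month is known.
@online{cfgbypass2,
  author  = {{improsec}},
  title   = {Bypassing {CFG} on {Windows} 10},
  url     = {https://improsec.com/tech-blog/bypassing-control-flow-guard-on-windows-10-part-ii},
  urldate = {2020-07},
}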
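%% TechRepublic article on the hardware shadow stack in Windows 10.
%% NOTE(review): the source date 03.04.2020 is read as day.month.year and
%% stored in ISO form, which is the only form biblatex parses; confirm the day.
@online{techrepublic,
  author  = {Branscombe, Mary},
  title   = {{Windows} 10 Security: How the shadow stack will help to keep the hackers at bay},
  date    = {2020-04-03},
  url     = {https://www.techrepublic.com/article/windows-10-security-how-the-shadow-stack-will-help-to-keep-the-hackers-at-bay/},
  urldate = {2020-08},
}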
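%% Blog post on shadow stacks.
%% NOTE(review): the source date was written 04.11.2019, but the post's URL
%% path is 2019/04/11, so the date is stored as 11 April 2019; confirm.
@online{light,
  author  = {Zhang, Tong},
  title   = {Shining Light on Shadow Stacks},
  date    = {2019-04-11},
  url     = {https://zhangtong16.github.io/2019/04/11/Shining-Light-on-Shadow-Stacks/},
  urldate = {2020-08},
}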
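%% Statcounter desktop OS market-share page. The date (source: 04.09.2020, read
%% as day.month.year) falls in the recorded access month, September 2020.
@online{OSshare,
  author  = {{Statcounter}},
  title   = {Desktop Operating System Market Share Worldwide},
  date    = {2020-09-04},
  url     = {https://gs.statcounter.com/os-market-share/desktop/worldwide},
  urldate = {2020-09},
}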
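%% Bugtraq posting archived on seclists.org. "Solar Designer" is a handle, so
%% it is double-braced to stop it being parsed as given name + surname.
%% The date (source: 10.08.1997) agrees with the 1997/Aug path in the URL.
@online{solar,
  author  = {{Solar Designer}},
  title   = {Getting around non-executable Stack},
  date    = {1997-08-10},
  url     = {https://seclists.org/bugtraq/1997/Aug/63},
  urldate = {2020-09},
}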
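%% Microsoft documentation page for the x64 calling convention (the link pins
%% the vs-2017 view of the page).
%% NOTE(review): source date 07.06.2020 is read as day.month.year; confirm.
@online{calling,
  author  = {{Microsoft}},
  title   = {{x64} calling convention},
  date    = {2020-06-07},
  url     = {https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention?view=vs-2017},
  urldate = {2020-09},
}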
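%% Krahmer's paper on the borrowed-code-chunks technique for x86-64.
%% Date converted from 28.08.2005 (day.month.year) to ISO form.
@online{krahmer,
  author  = {Krahmer, Sebastian},
  title   = {{x86-64} buffer overflow exploits and the borrowed code chunks exploitation technique},
  date    = {2005-08-28},
  url     = {https://users.suse.com/~krahmer/no-nx.pdf},
  urldate = {2020-09},
}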
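%% Secfence paper hosted in the Exploit-DB document archive.
%% No publication date or report type is recorded for it.
@report{bypass,
  author      = {Katoch, Vinay},
  title       = {Bypassing {ASLR/DEP}},
  institution = {Secfence},
  url         = {https://www.exploit-db.com/docs/english/17914-bypassing-aslrdep.pdf},
}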
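%% Tencent Xuanwu Lab write-up on Return Flow Guard. The lab is a corporate
%% author (double-braced); the date matches the 2016/11/02 path in the URL.
@online{RFG,
  author  = {{Tencent Xuanwu Lab}},
  title   = {Return Flow Guard},
  date    = {2016-11-02},
  url     = {https://xlab.tencent.com/en/2016/11/02/return-flow-guard/},
  urldate = {2020-09},
}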
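%% ASIACCS 2015 paper measuring the overhead of shadow stacks and canaries.
%% The first author's initials are separated so styles can abbreviate them.
@inproceedings{performance,
  author    = {Dang, Thurston H. Y. and Maniatis, Petros and Wagner, David},
  title     = {The performance cost of shadow stacks and stack canaries},
  booktitle = {Proceedings of the 10th {ACM} Symposium on Information, Computer and Communications Security},
  year      = {2015},
  url       = {https://people.eecs.berkeley.edu/~daw/papers/shadow-asiaccs15.pdf},
}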
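%% Intel's Control-flow Enforcement Technology specification (the link names it
%% a preview). The title is kept on one line and the date is in ISO form;
%% Intel is both author and issuing institution.
@report{CFE,
  author      = {{Intel}},
  title       = {Control-flow Enforcement Technology Specification},
  institution = {Intel},
  date        = {2019-05},
  url         = {https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf},
}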
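%% Wikipedia article on stack buffer overflows. Date converted from 14.09.2019
%% (day.month.year). NOTE(review): the link is to the live article, which can
%% change after the access date; a permanent revision link would pin the text.
@online{wiki,
  author  = {{Wikipedia}},
  title   = {Stack Buffer Overflow},
  date    = {2019-09-14},
  url     = {https://en.wikipedia.org/wiki/Stack_buffer_overflow},
  urldate = {2020-09},
}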
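%% NDSS 2018 paper on evading Control Flow Guard. The title carries no trailing
%% period, because the style adds its own punctuation after the title.
%% No URL or DOI is recorded for this entry.
@inproceedings{epilogue,
  author    = {Biondo, Andrea and Conti, Mauro and Lain, Daniele},
  title     = {Back To The Epilogue: Evading {Control Flow Guard} via Unaligned Targets},
  booktitle = {{NDSS}},
  year      = {2018},
}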
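%% Page on Control Flow Guard from the Trusted Windows site (a site name, so
%% double-braced as a corporate author). No publication date is recorded.
@online{tuple,
  author  = {{Trusted Windows}},
  title   = {Control Flow Guard},
  url     = {https://trustedwindows.wordpress.com/hauptseite/technik/control-flow-guard/},
  urldate = {2020-09},
}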
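%% Wikipedia article on ASLR, linked at its Microsoft Windows section.
%% The link sits in the verbatim url field because a hash sign inside a url
%% macro in a note field breaks LaTeX. The article is live and may change.
@online{ASLR,
  author  = {{Wikipedia}},
  title   = {Address Space Layout Randomization},
  url     = {https://en.wikipedia.org/wiki/Address_space_layout_randomization#Microsoft_Windows},
  urldate = {2020-09},
}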
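%% Microsoft documentation page on Data Execution Prevention.
%% The link points at the page itself: a browser text-highlight fragment is not
%% part of the reference, and its percent signs break LaTeX in a note field.
@online{DEP,
  author  = {{Microsoft}},
  title   = {Data Execution Prevention},
  url     = {https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention},
  urldate = {2020-09},
}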
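%% Microsoft Tech Community post on hardware-enforced stack protection.
%% NOTE(review): this is the same post (id 1247815) as the entry keyed kernel;
%% the key is kept so existing citations resolve. The board segment of the link
%% read windows-kernel-als here and windows-kernel-internals in that other
%% entry; the latter spelling is used, confirm it resolves.
@online{SS,
  author  = {{Microsoft Techcommunity}},
  title   = {Hardware enforced stack protection},
  url     = {https://techcommunity.microsoft.com/t5/windows-kernel-internals/understanding-hardware-enforced-stack-protection/ba-p/1247815},
  urldate = {2020-09},
}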
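%% Microsoft documentation page on Control Flow Guard.
%% No publication date is recorded; only the access month is known.
@online{CFG2,
  author  = {{Microsoft}},
  title   = {Control Flow Guard},
  url     = {https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard},
  urldate = {2020-09},
}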
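%% FireEye threat-research blog post on ASLR behaviour on Windows.
%% Date converted from 17.03.2020 (day.month.year); the URL path is 2020/03.
@online{ASLRBits,
  author  = {{FireEye}},
  title   = {Six Facts about {Address Space Layout Randomization} on {Windows}},
  date    = {2020-03-17},
  url     = {https://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html},
  urldate = {2020-09},
}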
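%% Slides or paper from the POC 2014 site on Control Flow Guard internals.
%% NOTE(review): the author is recorded as Unknown and will print as a name;
%% the PDF file name (mj0011) may be the presenter's handle, confirm.
%% No institution or date is recorded. The link is plain HTTP, so the PDF is
%% fetched without transport integrity.
@report{cfginternals,
  author = {{Unknown}},
  title  = {{Windows} 10 {Control Flow Guard} Internals},
  url    = {http://www.powerofcommunity.net/poc2014/mj0011.pdf},
}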
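%% MSRC blog post on mitigating common exploitation techniques.
%% Date converted from 11.12.13; the 2013/12/11 path in the URL confirms it.
@online{ASLRBIts2,
  author  = {{Microsoft Security Response Center}},
  title   = {Software defense: mitigating common exploitation techniques},
  date    = {2013-12-11},
  url     = {https://msrc-blog.microsoft.com/2013/12/11/software-defense-mitigating-common-exploitation-techniques/},
  urldate = {2020-09},
}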
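%% Wikipedia article on Turing completeness. No article date is recorded; the
%% link is to the live article, which can change after the access date.
@online{Turing,
  author  = {{Wikipedia}},
  title   = {{Turing}-Completeness},
  url     = {https://en.wikipedia.org/wiki/Turing_completeness},
  urldate = {2020-09},
}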
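%% HASP 2019 paper analysing processor ISA support for control-flow integrity.
%% The link is a course-hosted copy of the paper, not a publisher page.
@inproceedings{shan,
  author    = {Shanbhogue, Vedvyas and Gupta, Deepak and Sahita, Ravi},
  title     = {Security Analysis of Processor Instruction Set Architecture for Enforcing Control-Flow Integrity},
  booktitle = {Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy},
  year      = {2019},
  url       = {https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/shanbhogue:cet.pdf},
}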
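%% 0x00sec forum post on Data Execution Prevention. The date is stored as
%% year-month because only "December 2017" is recorded.
%% NOTE(review): the author is recorded as Unknown and will print as a name.
@online{0x00,
  author  = {{Unknown}},
  title   = {Exploit Mitigation Techniques - {Data Execution Prevention} ({DEP})},
  date    = {2017-12},
  url     = {https://0x00sec.org/t/exploit-mitigation-techniques-data-execution-prevention-dep/4634},
  urldate = {2020-09},
}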
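%% Wikipedia article on segmentation faults. The title is taken from the
%% article name in the link, since the entry recorded none. The date field held
%% only the placeholder word "date", so no date is given.
@online{SegFault,
  author  = {{Wikipedia}},
  title   = {Segmentation Fault},
  url     = {https://en.wikipedia.org/wiki/Segmentation_fault},
  urldate = {2020-09},
}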
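%% Microsoft Tech Community (Windows kernel internals board) post on
%% hardware-enforced stack protection. Date converted from 24.03.2020
%% (day.month.year) to ISO form.
@online{kernel,
  author  = {{Microsoft Techcommunity}},
  title   = {Understanding Hardware-enforced Stack Protection},
  date    = {2020-03-24},
  url     = {https://techcommunity.microsoft.com/t5/windows-kernel-internals/understanding-hardware-enforced-stack-protection/ba-p/1247815},
  urldate = {2020-09},
}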