Examples of vulnerability exploit techniques

 

Below are some of the exploit techniques that Adaptive Defense 360 can detect and block.

Some of these techniques are detected before the target application becomes compromised. Others are detected at the exploit stage, when the attacker is attempting to take advantage of a software flaw; detection then triggers the corresponding remedial actions.

 

Heap spraying

Heap spraying is a technique used in exploits to facilitate arbitrary code execution. It involves writing a series of bytes at a predetermined location in the memory of a target process. This technique is widely used to exploit vulnerabilities in Web browsers and Web browser plug-ins.

 

ROP techniques

Return-oriented programming (ROP) is a computer security exploit technique that involves chaining together short instruction sequences already present in the compromised program. It aims to defeat some of the new protection technologies implemented in modern operating systems, such as DEP and ASLR. The attacker reuses code chunks within the existing program code to run their own arbitrary code and launch the attack.

Cyber-crooks use this technique to bypass Windows' Data Execution Prevention (DEP), a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system.

 

ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) bypassing techniques

ASLR and DEP are technologies aimed at preventing shellcode execution and buffer overflow-driven exploits.

Microsoft introduced ASLR and DEP in Windows XP SP2, presenting them as significant and effective anti-exploit mechanisms.

However, many APTs (Advanced Persistent Threats) and zero-day attacks use techniques capable of bypassing ASLR and DEP.

These attacks are based on the attacker's ability to accurately identify the specific processes and system functions residing in a computer's memory. For an attacker to be able to exploit or take advantage of a function, they must first be able to tell the malicious code where to find the function or process to exploit.

 

 


 
