Aug 4
ARM 64 Assembly Series — Data Processing (Part 2)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch, Data Processing Part 1 — In the first part of the data processing instruction set we talked about arithmetic, logical, move and shift operations. …
5 min read

Aug 1
ARM 64 Assembly Series — Data Processing (Part 1)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch — So far we have talked about load, store and branch instructions, and it is time to discuss a (long) set of instructions that can be used to process data. …
Assembly · 6 min read

Jul 21
ARM 64 Assembly Series — Branch
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store — In the previous post we talked about the ldr and str instructions, which can be used to transfer data bidirectionally between a memory address and a register (or pair of registers). In this post we are going to talk about branch instructions and how they can be used in order…
Arm · 7 min read

Jul 14
ARM 64 Assembly Series — Load and Store
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes — As we discussed in the previous post: the AArch64 architecture supports a single instruction set called A64, which consists of fixed-length 32-bit instructions that can be used to load and store data, change the address of the next instruction to be executed, perform arithmetic or logical operations, perform a…
Arm 64 · 7 min read

Jul 8
ARM 64 Assembly Series — Offset and Addressing modes
Lab Set up
Before we start exploring the AArch64’s instruction set, let us first set up our lab and run the traditional “Hello world”, just to make things a bit more interesting. Here is a handy script which I found here to help you set up your Raspberry Pi testing machine: If everything…
Aarch 64 · 6 min read

Jun 21
ARM 64 Assembly Series — Basic definitions and registers
Main Definitions
ARM is an acronym for Advanced RISC Machines and, if it is not followed by a noun, it refers to a family of processors (CPUs) that are designed based on the architecture developed by Arm Ltd., a British company based in Cambridge, England. RISC is another acronym which stands for…
Arm 64 · 6 min read

Jun 6
The toddler’s introduction to Heap Exploitation, House of Lore (Part 4.5)
Similarly to the other heap exploitation attacks that we have seen so far, the idea behind the House of Lore (HoL) is to trick malloc into returning a pointer to a memory location which is controlled by the attacker. HoL (ab)uses the way that ptmalloc handles the small bin entries, although the…
5 min read

May 31
Pending Intents: A Pentester’s view
A few days ago I came across an interesting case of vulnerability posted on the AndroidInfoSec Facebook page. Since there are not many references on this specific subject, I decided to take a short break from my heap exploitation series and cover this topic in a blog post. Before we move…
Mobile Security · 6 min read

May 20
The toddler’s introduction to Heap Exploitation, House of Spirit (Part 4.4)
“Please let me know if I start to sound weird…” (The Author)
House of Spirit
The specific attack was initially introduced on October 11th 2005, on the bugtraq mailing list, by Phantasmal Phantasmagoria, under the title The Malloc Maleficarum. …
Heap Exploitation · 4 min read

May 7
The toddler’s introduction to Heap Exploitation, Unsafe Unlink (Part 4.3)
Exploiting a heap overflow vulnerability is not always straightforward. Among other things, the allocator imposes various checks during the chunk assignment/freeing process, which require extra steps in order to achieve an exploitable result. In this post we assume that we have discovered such a vulnerability and we are going to explore…
Heap Exploitation · 9 min read