Hacking Blind

@article{Bittau2014HackingB,
  title={Hacking Blind},
  author={Andrea Bittau and Adam Belay and Ali Jos{\'e} Mashtizadeh and David Mazi{\`e}res and Dan Boneh},
  journal={2014 IEEE Symposium on Security and Privacy},
  year={2014},
  pages={227-242}
}
We show that it is possible to write remote stack buffer overflow exploits without possessing a copy of the target binary or source code, against services that restart after a crash. This makes it possible to hack proprietary closed-binary services, or open-source servers manually compiled and installed from source where the binary remains unknown to the attacker. Traditional techniques are usually paired against a particular binary and distribution where the hacker knows the location of useful… CONTINUE READING

Citations

Publications citing this paper.
SHOWING 1-10 OF 120 CITATIONS

Securing software systems by preventing information leaks

VIEW 12 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Advanced code reuse attacks against modern defences

VIEW 14 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

MIRAGE: Randomizing large chunk allocation via dynamic binary instrumentation

  • 2017 IEEE Conference on Dependable and Secure Computing
  • 2017
VIEW 4 EXCERPTS
CITES METHODS
HIGHLY INFLUENCED

Reasoning about Probabilistic Defense Mechanisms against Remote Attacks

  • 2017 IEEE European Symposium on Security and Privacy (EuroS&P)
  • 2017
VIEW 18 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

Poking Holes in Information Hiding

VIEW 7 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

Defeating code reuse attacks with minimal tagged architecture

VIEW 14 EXCERPTS
CITES RESULTS, METHODS & BACKGROUND
HIGHLY INFLUENCED

FILTER CITATIONS BY YEAR

2014
2019

CITATION STATISTICS

  • 35 Highly Influenced Citations

  • Averaged 15 Citations per year from 2017 through 2019

  • 11% Increase in citations per year in 2019 over 2018

References

Publications referenced by this paper.
SHOWING 1-10 OF 21 REFERENCES

On the effectiveness of address-space randomization

  • ACM Conference on Computer and Communications Security
  • 2004
VIEW 13 EXCERPTS

Mwr labs pwn2own 2013 write-up - webkit exploit

M. Labes
  • [Online]. Available:
  • 2013
VIEW 1 EXCERPT

ILR: Where'd My Gadgets Go?

  • 2012 IEEE Symposium on Security and Privacy
  • 2012
VIEW 1 EXCERPT