Description
In cybersecurity it is fundamental to know your enemy. Since any
compromise of a computer system has its root in the exploitation of a
software vulnerability, mitigating such attacks requires a thorough
understanding of how they work. When studying offensive security, a lot
of time is naturally spent on debugging programs to understand the
different classes of exploits, such as code injection, code reuse or
data-only attacks.
This process can be tedious: often, probing for an exploit does not
yield the desired effect. The program crashes, has to be restarted, and
all steps need to be repeated to restore the possibly vulnerable state.
To speed this task up, we present a tool that simplifies it by providing
easy interaction with memory, insertion of function calls at arbitrary
points in time and the ability to fork the inspected program to avoid
restarting it after a crash.
We achieve this by memory-mapping an additional page into the inspected
process, writing to it the instructions that implement the added
functionality, and executing them by setting the instruction pointer to
these instructions using \code{ptrace}.
Additionally, we demonstrate how this framework can be used for
evaluating inputs for fuzzing and compare the performance of our
alternative approach with two commonly used ones, finding that forking
programs at specific points in the control flow is only applicable in
niche contexts.
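The core primitive described above, writing instructions into the inspected process and pointing its instruction pointer at them with \code{ptrace}, as an added C example for Linux x86_64; this is not the tool's own code. For brevity it does not map a fresh page into the tracee but reuses the bytes of a spare function \code{scratch} (assumed here) that sits at the same address in the forked child, and the injected instructions simply make the tracee exit with a chosen code so the effect is observable from the tracer.

```c
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Never executed by the parent: 32 bytes of code that sit at the same address in
 * the forked child; stands in for the extra page the tool maps into the tracee. */
__attribute__((noinline, used)) static void scratch(void) {
    __asm__ volatile(".fill 32, 1, 0x90");
}
/* Constructed x86_64 stub: mov eax,60 ; mov edi,<code> ; syscall  => exit(code). */
static void build_exit_stub(unsigned char out[16], unsigned char code) {
    static const unsigned char tmpl[] = {0xb8,0x3c,0,0,0, 0xbf,0,0,0,0, 0x0f,0x05};
    memset(out, 0xcc, 16);               /* int3 padding, never reached */
    memcpy(out, tmpl, sizeof tmpl);
    out[6] = code;
}
/* Write the stub into the stopped tracee and set its instruction pointer to it. */
static int redirect_tracee(pid_t pid, unsigned char code) {
    unsigned char stub[16];
    build_exit_stub(stub, code);
    unsigned long addr = (unsigned long)(void *)scratch;
    for (int i = 0; i < 16; i += 8) {    /* POKETEXT writes one word per call */
        long word; memcpy(&word, stub + i, sizeof word);
        if (ptrace(PTRACE_POKETEXT, pid, (void *)(addr + i), (void *)word) < 0) return -1;
    }
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
    regs.rip = addr;                     /* resume inside the injected stub */
    if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0) return -1;
    return ptrace(PTRACE_CONT, pid, NULL, NULL) < 0 ? -1 : 0;  /* data 0: drop the SIGSTOP */
}
/* Fork a tracee, inject exit(code) into it, return the status it exited with, or -1. */
int inject_exit_code(unsigned char code) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* tracee: stop and wait to be driven */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);
        alarm(5); for (;;) pause();      /* only reached if redirection failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status) || redirect_tracee(pid, code) < 0) {
        kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1;
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

The same POKETEXT/SETREGS sequence is what a debugger uses to plant breakpoints and resume at a chosen address; the tool builds its memory interaction and function-call insertion on this mechanism.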