Index Terms
- Attacking a problem from the middle: technical perspective
Recommendations
Attacking dynamic code
The Continuing Arms RaceTypically, code-reuse attacks exhibit unique characteristics in the control flow (and the data flow) that allow for generic protections, regardless of the language an application was programmed in. For example, if one can afford to monitor all return ...
Off-path attacking the web
WOOT'12: Proceedings of the 6th USENIX conference on Offensive TechnologiesWe show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server, and circumventing known ...
Comments