Slide 26
3rd Generation Exploitation
Halvar Flake
1st Generation Exploits
- Simple stack smashes
- Control of EIP (RET instruction)
- E.g. strcpy(), gets(), sprintf()
- Easy peasy
2nd Generation Exploits
- off-by-one
- Control of EIP (RET instruction)
- E.g. strncat(), strncpy()
- No EIP control, EBP manipulation
- Hard to find in nature
3rd Generation Exploits
- Format strings, Heap Structure
- E.g. printf(), malloc(), free()
- Sometimes trivial to spot
- No register control
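The off-by-one class from the 2nd-generation bullets, as an added C example that is not part of the slides: the common strncat()/strncpy() size mistakes beside their corrected forms. Buffer sizes and input strings are constructed; the logical 16-byte buffer sits at the start of a larger backing array so the one-byte overrun can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16          /* size of the logical destination buffer (constructed) */
#define SENTINEL 0xAA       /* marker placed just past the logical buffer */

/* Classic strncat() off-by-one: room = sizeof(buf) - strlen(buf) forgets that
 * strncat() always appends a NUL after up to `room` bytes, so a full append
 * writes one byte past the buffer. With fixed != 0 the NUL is reserved.
 * Returns 1 if the byte just past the logical buffer was overwritten. */
int strncat_overruns(const char *prefix, const char *suffix, int fixed)
{
    unsigned char backing[BUF_LEN + 8];   /* oversized so the overrun is in-bounds */
    char *buf = (char *)backing;

    memset(backing, SENTINEL, sizeof backing);
    strcpy(buf, prefix);                  /* assumption: prefix always fits */

    size_t room = BUF_LEN - strlen(buf);  /* the buggy idiom */
    if (fixed)
        room -= 1;                        /* corrected: leave space for the NUL */

    strncat(buf, suffix, room);
    return backing[BUF_LEN] != SENTINEL;  /* 1 = overran by one byte */
}

/* strncpy() pitfall: when src has >= BUF_LEN characters no NUL is written,
 * leaving an unterminated string that later str*() calls read past.
 * With fixed != 0 the last byte is explicitly terminated.
 * Returns 1 if the buffer ends up without a NUL terminator. */
int strncpy_unterminated(const char *src, int fixed)
{
    char buf[BUF_LEN];

    strncpy(buf, src, sizeof buf);
    if (fixed)
        buf[sizeof buf - 1] = '\0';       /* corrected: force termination */

    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    const char *suffix = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, constructed input */

    printf("strncat buggy overran: %d\n", strncat_overruns("user=", suffix, 0));
    printf("strncat fixed overran: %d\n", strncat_overruns("user=", suffix, 1));
    printf("strncpy buggy unterminated: %d\n", strncpy_unterminated(suffix, 0));
    printf("strncpy fixed unterminated: %d\n", strncpy_unterminated(suffix, 1));
    return 0;
}
```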
https://www.blackhat.com/presentations/win-usa-02/halvarflake-winsec02.ppt