The BlackPage

July 22, 2005

The BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community.


On The BlackPage: Insecure Countermeasures
by Jeff Moss posted July 22, 2005

Some of the latest “solutions” to common security problems are proving to hurt as much as they help, if you blindly trust them. The consequences of this blind trust are the focus of this BlackPage. In this issue, we take a look at two countermeasures that could work against you. David Maynor shares his findings on the ineffectiveness of a highly regarded buffer overflow solution implemented in the latest “secure” CPUs. Alex Wheeler, Mr. Anti-Anti-Anti Virus, focuses on the world’s largest mandated security countermeasure, revealing that an A/V client could be your biggest hole.


Insecurity Inside

by David Maynor posted July 22, 2005

Buffer overflow protection has always interested me, and when I first discovered NX I was worried it could signal the end of the security community. After spending several weeks tearing it apart, I discovered I had nothing to fear. At first the only attacks I could get to work were the standard lame return-to-libc attacks everyone has done. Actually, before that I had to figure out exactly what was being protected and when. This became quite confusing with opt-in and opt-out policies and things like PAE to consider. Even with chaining several return-to-libc calls together I was still getting no help with the heap. After learning that on Windows the exceptions generated by NX were handled by the exception handler chain, I knew an evasion solution could not be far off.

Much like generic API Hookers, the first downfall came in the form of bad coverage of code. Once this was discovered, NX protection suddenly morphed into Swiss cheese and I was able to get many different types of heap attacks working. After spending most of the time on Windows, I found that the Linux implementation had several of the same systemic problems, but they were often harder to exploit because of other security technologies bundled in. The Linux portion of my speech focuses on NX and not things like libc randomization.

ANTI-Up

by Alex Wheeler posted July 22, 2005

We think antivirus companies have a hard job keeping computers safe from hackers. Internet hackers are sneaky and it is generally good to keep them away. Most of us have antivirus software installed on our systems to help keep hackers out.

However, current research has shown antivirus (1, 2, 3, 4) is also vulnerable to internet hackers. Doh! At first it may be frustrating to discover that hackers can exploit the very thing supposedly protecting you. Not cool. Talk about an “INTERNET HACKING ALERT”, right?! Settle down there, partner ;-)

We have invented a new form of protection to keep you safe: “Anti-Anti-Virus”. This revolutionary software will protect your antivirus software from internet hackers. Now you can safely surf the internet and get e-mail because your system’s antivirus is protected from hackers by “Anti-Anti-Virus”. This is pretty sweet technology and should be out of beta shortly.

And for those thinking ahead: We are already in the process of architecting a new breed of software to protect “Anti-Anti-Virus” from internet hackers. After all it’s just a matter of time… It will tentatively be called: “Anti-Anti-Anti-Virus”.

(c) 1996-2007 Black Hat