DeepSec 2023 Talk: The Evolution of Linux Binary Exploitation: From Outdated Techniques to Sophisticated Modern Attacks – Ofri Ouzan & Yotam Perkal

Sanna/ September 28, 2023/ Conference

In the ever-evolving realm of cybersecurity, the cat-and-mouse game between attackers and defenders continues to intensify. To safeguard critical systems against malicious exploitation, the hardening of binary files has emerged as a fundamental security measure. However, no security measure remains impervious to threats, and binary hardening techniques face ongoing challenges.

This talk aims to shed light on the significance of binary hardening as a countermeasure against growing vulnerabilities. Through a comprehensive examination, we explore both traditional and contemporary binary exploitation techniques, providing real-world insights into modern exploiting methodologies that bypass protective mechanisms implemented through binary hardening.

Our research addresses the lack of accurate and complete sources of information on binary hardening, emphasizing the importance of understanding ELF file structure and attacker avoidance strategies. By encouraging vigilance among developers and defenders, we aim to raise awareness about common binary files that lack proper hardening.

Throughout the presentation, we emphasize the significance of staying updated with the latest advancements in binary hardening techniques and exploit development. With an insightful outline covering ELF overview, outdated exploitation techniques, binary hardening, implementation, exploit bypassing, and real-world case studies, this talk offers an innovative perspective on the dynamic cybersecurity landscape. Attendees will gain valuable knowledge and tools to fortify their systems against digital threats and enhance their security practices.

Additionally, we will introduce our new tool called HardenMeter. HardenMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC, PIE), None Exec Stack, Fortify, ASAN, NX bit.

HardenMeter was developed after conducting extensive Binary Exploitation research, addressing the need for an accurate and precise tool that assesses binary hardening and recommends binary files that require heightened attention and monitoring.

We asked Ofri and Yotam a few more questions about their talk.

Please tell us the top 5 facts about your talk.

  1. Our presentation is rooted in extensive research we conducted on binary exploitation and hardening mechanisms. This endeavor was driven by the absence of a comprehensive and accurate source encompassing the constantly evolving landscape, prompting us to create one.
  2. Despite the introduction of numerous hardening mechanisms and barriers over the years, binary files in 2023 remain susceptible to vulnerabilities, which surprised us during our research.
  3. Our focus will encompass not only outdated binary attacks but also the evolution of sophisticated new attack methods along with their associated challenges.
  4. We will provide statistical insights into unprotected binary files within popular environments and track the evolution of vulnerabilities before and after the introduction of each hardening barrier.
  5. Our talk will unveil a new open-source Python tool, HardeningMeter.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

The presence of binary vulnerabilities and the development of hardening mechanisms have long been recognized by the cybersecurity community. However, the persistence of these vulnerabilities raises a fundamental question: why do they endure? This led us to embark on a journey to find answers. Despite the challenges posed by the lack of comprehensive and entirely accurate sources, we undertook an in-depth exploration. Our mission is twofold: to contribute valuable research to the cybersecurity community and to offer an accurate open-source Python tool, HardeningMeter, that aids in understanding environment security gaps.

Why do you think this is an important topic?

This topic holds enduring importance as it delves into one of the oldest and still relevant cybersecurity issues.

Is there something you want everybody to know – some good advice for our readers maybe?

Our advice is to maintain heightened awareness of your digital environment. Rather than waiting for vulnerabilities to manifest and then assessing vulnerability, adopt a proactive stance. Regularly scrutinize your environment for unprotected components or potentially exploitable binary files, and take preventative measures in a timely manner.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / your talk in particular?

The cybersecurity landscape resembles a game of cat and mouse. While we anticipate that attackers will face increased difficulty in overcoming new protections, their endeavors are far from over. Our optimism lies in the growth of awareness within the community, striving to make the attacker’s goals more challenging to achieve.

Ofri Ouzan is an experienced Security Researcher who has been working in the field of cybersecurity for over four years. She specializes in conducting security research for Windows, Linux, cloud platforms, and containerized applications, with a focus on vulnerabilities. In addition to her research expertise, Ofri also develops automation tools in Python and Bash.
Among her notable accomplishments is the development of the open source tool MI -X, which she presented on the Black Hat Arsenal stage during the Black Hat USA 2022 and Black Europe USA 2022 events.

 

Yotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. Prior to Rezilion, Yotam filled several roles at PayPal Security organization, dealing with vulnerability management, threat intelligence, and Insider threat. Additionally, Yotam takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX and is also a member of the PyCon Israel organization committee. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve cybersecurity challenges or exploring the challenges in securing ML applications.

Share this Post