How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?

How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work?
Address Space Layout Randomisation (ASLR) is a technology used to help prevent shellcode from being successful. It does this by randomly offsetting the location of modules and certain in-memory structures. Data Execution Prevention (DEP) prevents certain memory sectors, e.g. the stack, from being executed. When combined, it becomes exceedingly difficult to exploit vulnerabilities in applications using shellcode or return-oriented programming (ROP) techniques.
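
A defender-side check of the two mitigations described above, as an added example that is not part of the original post: it parses Linux `/proc/<pid>/maps` text to flag writable+executable mappings and an executable stack (DEP), and compares a module's base address across two runs (ASLR). The maps excerpts, the binary name `demo` and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/<pid>/maps excerpts for two runs of a hypothetical
 * binary "demo"; every address here is made up for illustration. */
static const char RUN_A[] =
    "55d0c3a00000-55d0c3a01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7f1e2c000000-7f1e2c021000 rwxp 00000000 00:00 0 \n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]\n";
static const char RUN_B[] =
    "5632f1c00000-5632f1c01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7ffc09b40000-7ffc09b61000 rw-p 00000000 00:00 0 [stack]\n";

/* tag == NULL: return the count of writable+executable mappings.
 * Otherwise: copy start/perms of the first line containing tag, return 1/0. */
static int scan(const char *maps, const char *tag,
                unsigned long long *start, char *perms) {
    int wx = 0;
    for (const char *p = maps; *p; ) {
        char line[256], pr[5];
        unsigned long long s, e;
        size_t n = strcspn(p, "\n"), c = n < 255 ? n : 255;
        memcpy(line, p, c);
        line[c] = '\0';
        p += n + (p[n] == '\n');
        if (sscanf(line, "%llx-%llx %4s", &s, &e, pr) != 3) continue;
        if (!tag) wx += (pr[1] == 'w' && pr[2] == 'x');
        else if (strstr(line, tag)) { *start = s; strcpy(perms, pr); return 1; }
    }
    return tag ? 0 : wx;
}
/* DEP check: number of W+X mappings; 0 is the desired result. */
int count_wx(const char *maps) { return scan(maps, NULL, NULL, NULL); }
/* DEP check: 1 if [stack] is executable, 0 if not, -1 if not listed. */
int stack_executable(const char *maps) {
    unsigned long long s = 0; char pr[5] = "";
    return scan(maps, "[stack]", &s, pr) ? pr[2] == 'x' : -1;
}
/* ASLR check: 1 if tag's mapping base differs between runs, 0 if equal,
 * -1 if either snapshot lacks it. */
int base_moved(const char *a, const char *b, const char *tag) {
    unsigned long long sa = 0, sb = 0; char pr[5] = "";
    if (!scan(a, tag, &sa, pr) || !scan(b, tag, &sb, pr)) return -1;
    return sa != sb;
}
int main(void) {
    printf("W+X=%d stack_exec=%d demo_moved=%d\n", count_wx(RUN_A),
           stack_executable(RUN_A), base_moved(RUN_A, RUN_B, "/usr/bin/demo"));
    return 0;
}
```

On a live Linux system the same functions can be given the contents of `/proc/self/maps` captured from separate runs of the process being audited.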

/c/cybersecurity - Cybersecurity News & Discussion