Customer's project analysis: "A 3-node cluster is not possible because of network limitations (an ethernet cable only has two ends!)"

Long story short: To prove a point, I built a twisted-pair Ethernet "cable" with 3 ends. I've only gotten it to work with 10BASE-T and autonegotiation disabled though.

Disclosing CHOP, aka how attackers can bypass commodity return address protections such as stack cookies by hijacking the exception handling process. Paper to appear NDSS'23, fetch our preprint here: https://download.vusec.net/papers/chop_ndss23.pdf! Joint work of Victor Duta, Fabian Freyer, @pagabuc, @nsr, and @c_giuffrida.

Code and data available at: https://github.com/chop-project/chop.

Interested in smashing stacks or binary exploitation in general? In case you attend Backhat Europe next week, feel free to checkout Victors's and Fabian's talk "Unwinding the Stack for Fun and Profit" next Wednesday.

They will present our work on confusing the unwinder and bending exception handling for exploitation.

More info at: https://www.blackhat.com/eu-22/briefings/schedule/index.html#unwinding-the-stack-for-fun-and-profit-29449

Trying to use Twitter Spaces one last time while it's still running for the reverse engineering adventures. Tune in tomorrow at 8PM Berlin time. Tell us about the most expensive thing you bricked during security analysis and ask any question you want 💻 💥 📱

https://twitter.com/i/spaces/1mrGmkjlQkLxy