Back To The Future - Going Back In Time To Abuse Android's JIT
All Your Browsers Belong To Us - Infiltrate 2016
On the shoulders of giants, this presentation will take a deep dive into the Dalvik Virtual Machine's JIT implementation and how it can be used and abused to execute shellcode. We will additionally take a cursory look at the JIT compiler introduced in Android Nougat, and whether or not the same techniques can be applied. Also discussed are the tools that were created in order to assist in tracing through and deconstructing the JIT compilation internals.
The age of Android is upon us, and is taking no prisoners. More and more
Android users flock to the Google Play Store and rummage through apps,
searching for the new hotness to download and install on their devices.
What they don’t know will kill them … nah not really, but they’re probably
going to have a bad time.
This presentation will take a deep dive into the pervasiveness of
vulnerability patterns that riddle the most popular of Android Web
Browsers, and the techniques can be used to exploit them. Multiple
browsers will be used to demonstrate many of the abuse cases, a methodology
for vulnerability research and exploit development.