pm215 3 days ago

If you can already subvert the flow of execution enough to jump somewhere you shouldn't be, you probably have better targets elsewhere in the binary than a conditional branch.

Reply View 3 replies
  • Normal_gaussian 3 days ago

    Certainly true if you control the entire value; but if you can only flip a bit or two then this does provide a trampoline to increase the exploits range.

    Probably more of a "stick it in the toolbox for automatic use" rather than building an exploit around it type of situation however.

    Reply View 0 replies
  • Aurornis 3 days ago

    A common exploit technique is to use what’s called “Return Oriented Programming” to jump to different locations throughout the file to trigger little “ROP gadget” instruction combos to accomplish what you need to do.

    Reply View 0 replies