A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Static PIE: How and Why - Adam Cammack & Brent Cook Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Static PIE: How and Why
Adam Cammack & Brent Cook
Derbycon 2016

Self-relocating executables without external dependencies (static PIE) have been an area of interest in embedded systems and defensive security research inside OpenBSD. We will explore how to create these binaries, how they are currently being used in defensive security, and novel offensive applications involving code execution in highly restricted environments. We will then demonstrate a new Metasploit payload that reflectively injects itself into running Linux processes.

Brent Cook is the Engineering Manager of Metasploit at Rapid7, an OpenBSD committer, and the portable maintainer for LibreSSL and OpenNTPD. He focuses on offensive and defensive software engineering. He has worked at BreakingPoint Systems, Ixia, Boundary, and Calxeda in hardware, firmware, and software design roles. Brent has spoken previously at Infosec Southwest 2016 and smaller meetups such as OpenBSD Hackathons and Austin Hackers Anonymous. Adam Cammack is a Software Engineer for Metasploit at Rapid7. He new to security, coming from application development with emphasis on distributed computing and systems programming. He enjoys breaking things (then fixing them) and abusing file formats. Adam has spoken at Austin Hackers Anonymous and Rapid7 trainings.

Brent Cook - @busterbcook

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast