tntcoda wrote: Being more specific, most modern operating systems ship with some kind of ASLR, which from what I've seen isn't at all easy to bypass. I would be interested if there are any papers on how it can actually be defeated. Plus there are things available on top of this like stack protection, grsecurity and SELinux locking things down further.
I would really view it right the opposite. If you can find an OS fresh out of the box, you are most likely going to be able to exploit it. The reason being that it most likely has tons of patches that have yet to be applied. This even applies to OSes that have been in production for a while.
Corporations get caught with their pants down when lazy admins don't keep up with patches on their servers and workstations. New exploits are constantly being found. That is why hackers are constantly scanning systems. They are looking for version numbers and patch numbers so they can see if a system might have a vulnerability that hasn't been patched yet.
tntcoda wrote: So am I correct in this line of thought? I suppose crashing a program can be considered just as serious, but being able to execute arbitrary code from an OS-level vulnerability or a running process seems to be fading away? Any other attack vectors relevant to these kinds of vulnerabilities?
Jack, Windows Server 2003 is still one of the easiest OSes to get a reverse shell on, even though it's been out for how many years? Here is a real-world example:
I did a scan on my employer's servers not long after being hired in IT. I noticed they were running Service Pack 1 when Service Pack 2 had been out for quite a while. So here I go: I hit Google and find all the exploits I can for SP1. I get the list and take it to the network administrator and say, "I can do this, this and this and take control of that server right now. Don't you think you need to get this patched?"
That is how easy it is to exploit an OS, fresh out of the box or not.