Series B — Session 10: Exploitation Reality (Memory Corruption & Chaining)

Objective - Ground engineers in realistic exploitation paths: memory corruption, chaining vulnerabilities, and the limits of crypto under system compromise.

Prereqs - Familiarity with C/C++ concepts and common mitigations (ASLR, stack canaries).

Correct Path (teaching sequence)

1. Demonstrate a simple memory corruption (e.g., buffer overflow) in an isolated test program and observe control flow hijack.
2. Show how an attacker uses a corrupted process to exfiltrate keys or escalate privileges if protections are missing.
3. Map mitigations: CFI, ASLR, stack canaries, RELRO, least privilege, and sandboxing.

Break Case (single-variable change) - Disable one mitigation (e.g., compile without stack canaries); show that an exploit requires fewer steps to succeed.

Observation - Single mitigations raise attacker cost but do not fully prevent exploitation; defense-in-depth is required.

Why - Crypto assumes a non‑compromised execution environment; when the system is compromised, crypto can be bypassed through key extraction or API misuse.

Hard Rules - Apply memory safety mitigations and reduce attack surface to limit exploitation paths. - Assume that if userland is compromised, additional system-level controls (TEE/HW keys, attestation) are necessary to protect secrets. - Regularly run fuzzing and static analysis on critical components.

Homework - List the critical IVI components that must be hardened and propose which mitigations to apply to each.