Sandbox Escape Assignment Writing

2021-09-27 16:51, Monday

Sandbox Escape Proposal

Target sandbox

We choose the Chrome sandbox as our target sandbox. The Chrome sandbox is a development and test environment for developers working on Google Chrome browser-based applications. It provides a testing and staging platform without allowing the code being tested to make changes to existing code and databases.

 

Proposed methods

Since we are still researching the methods, we propose the following candidates and will settle on one after trying them.

 

1. CVE-2020-0981 [1]

This vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.

 

 

2. Chained vulnerabilities CVE-2020-15999 and CVE-2020-17087 [2]

CVE-2020-15999 is a heap buffer overflow vulnerability in FreeType, and CVE-2020-17087 is a Windows kernel bug that can be exploited for privilege escalation.

CVE-2020-15999 allows an attacker to run malicious code in the browser. With CVE-2020-17087, it is possible for an attacker to break out of Chrome’s sandbox protections and run the code on Windows.

 

3. CVE-2019-5782 [3]

CVE-2019-5782 was found to be a memory access error in the renderer process. The error is caused by misestimating the possible range of “arguments.length”. The JS optimizer mistakenly assumes that the maximum length of the parameter is 65534, when in fact it can be much larger. Based on this incorrect estimate, the optimizer always sets “arguments.length>>16” to 0, which is not actually correct. [3]

 

References

[1]

https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html

https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

[2]

https://www.tenable.com/blog/cve-2020-15999-cve-2020-17087-google-chrome-microsoft-windows-kernel-zero-day-vulnerabilities-exploited-in-wild-along-with-cve-2020-16009

[3]

https://googleprojectzero.blogspot.com/2019/04/virtually-unlimited-memory-escaping.html

 
