|
|
|
|
|
|
by ActorNightly
995 days ago
|
|
|
No. In order to exploit modern memory corruptions, you have to most often send a shitload of data with significant lengths to fill up memory strategically and/or rop gadget jump addresses. None of this looks like real payloads. https://github.com/stong/how-to-exploit-a-double-free The analogy to firewalls is that you would specify the exact condition of the input for it to forward to the actual program. For example, if your endpoint receives json, you would validate the json and check each field value for valid range, ie min max number of characters and what those character values could be for each field. Just like a firewall limits who can talk to who in way. |
|
|