tags: mitigation, CET, CTF, stack_overflow
original link: IERAE CTF 2024 - Intel CET Bypass Challenge
newsletter link: exploits.club Weekly Newsletter 40 - iOS Kernel Exploitation, CET Bypasses, Elgato Hardware Repair, And More


Exploits Club Summary:

What do you do when you have a straightforward overflow but need to bypass CET? That was the question posed by the Intel CET Bypass Challenge, written by @hugeh0ge for IERAE CTF. @_tsuro decided to try his hand at answering it and, lucky for us, documented his solution. The post walks through the approach to bypassing CET and some of the other solutions used in the challenge, both intended and unintended. It then covers his easier solution, which involved a call to signal() to re-run the main function inside a signal handler. The post closes with the shortcomings of CET and potential ways this bypass could have been mitigated.