Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter II - Local / 01. Applications

Protections

ProtectionWhat It DoesWhy It Matters
NXMarks stack/heap memory as non-executable.Blocks classic stack shellcode.
ASLRRandomizes stack, heap, binary, and library locations.Forces address leaks or brute force.
PIEMakes the main binary load at a random base.Program gadgets and PLT/GOT addresses move.
Stack canaryPlaces a secret value before the saved return address.Detects many stack overflows before ret.
RELROHardens relocation/GOT behavior.Full RELRO blocks GOT overwrites.
FortifyAdds extra checks to some libc calls.May turn unsafe use into aborts.

Strategy Choices

SituationCommon Strategy
NX disabledPlace shellcode on the stack and return to it.
NX enabled, useful hidden function existsReturn-to-win.
NX enabled, libc availableret2libc.
Need to set registers firstROP chain.
PIE enabledLeak a program address, calculate binary base, then continue.
Canary enabledLeak or bypass the canary before overwriting the return address.
Full RELROGOT overwrite is blocked, but GOT reads/leaks may still be useful.