Skip to content

uf0o/Counterfeit_Object_Oriented_Programming_COOP

Folders and files

NameName
Last commit message
Last commit date

Latest commit

baa2adf · Oct 15, 2024

History

9 Commits
Sep 1, 2023
Sep 1, 2023
Sep 1, 2023
Jun 24, 2024
Jun 22, 2024

Repository files navigation

Counterfeit Object Oriented Programming (COOP)

Abstract

The main idea behind COOP is counterfeiting – that is crafting new objects in-memory from attacker-controlled payloads and to chain them together through virtual functions that are already present in the target application or in loaded libraries. Each virtual function contained in a counterfeit object is called a vfgadget and is responsible for performing a small task. Similarly to ROP, vfgadgets can perform tasks like populating a value into a register. However when grouped together, multiple vfgadgets can execute more advanced operations, like API invokation.

More information about COOP technique can be found here

Contents

This repository contains the following material:

  • COOP_PoC: A proof-of-concept application that demonstrates Counterfeit_Object_Oriented_Programming
  • CVE-2019-0539_COOP: Exploit for CVE-2019-0539 based on COOP gadgets.
  • looper_idapython.py IDAPython script that finds Looper vfgadgets
  • COOP.pdf: Presentation slide deck
  • demos: a few demo videos of the PoC application and the MS Edge CVE

Demos

poc0.mov

PoC- Invoke vfgadget that triggers WinExec

CVE-2019-0539.mov

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published