Evolution of exploitation and exploit mitigation

Vulnerability exploitation and its mitigation technologies have always been important in vulnerability offense and defense research.Major operating systems and compilers provide support for exploit mitigation.This paper summarizes research on heap protection,address randomization,sandbox protection and other related technologies which have been developed.Among them,the three rounds of combat for GS and SafeSEH for stack protection focus on both offensive and defensive strategies.ROP,DeActive,Spray breakthroughs and counterattacking are analyzed to illustrate the evolution of data execution prevention.The truncation attack vector is used to monitor data integration destruction,undermine reliable exploitation,prevent control flow redirection,and isolate failure risk.Current exploit mitigation methods use data integrity testing protection,memory features removal based protection,execution control based protection,and fault isolation protection.The lack of bypass protection and other protection measure make existing mitigation methods less effective for protecting data flow hijacking and compound attack vectors.