Black Hat USA 2025 | Breaking Control Flow Integrity by Abusing Modern C++ скачать в хорошем качестве

Black Hat USA 2025 | Breaking Control Flow Integrity by Abusing Modern C++

Control Flow Integrity (CFI) has emerged as the definitive defense against code-reuse attacks, enforcing strict execution flow checks that effectively stop classic exploitation techniques like Return-Oriented Programming (ROP). Today, CFI defenses—such as Intel CET, Control Flow Guard and LLVM CFI—are already present in everyday systems, and their widespread adoption marks a new era where most binary exploitation attacks are significantly mitigated. In this talk, we will present Coroutine Frame-Oriented Programming (CFOP), a novel exploitation technique that bypasses the leading CFI defenses—including CET, CFG and LLVM CFI—on both Linux and Windows, across all major compilers. CFOP arises from a key insight: while CFI effectively stops well-known attack vectors like return address hijacking, programming languages continue to evolve and introduce new weak points, which CFI is not ready to handle. Notably, despite rigorous standardization, C++20 coroutines present weaknesses that undermine these CFI defenses. Coroutines are already present in major software projects (such as popular databases), and with CFOP we demonstrate how to practically exploit them in a post-CFI world—highlighting the need for continuously adapting CFI defenses to evolve alongside new programming paradigms. By: Marcos Bajo | PhD Student, CISPA Helmholtz Center for Information Security Christian Rossow Presentation Materials Available at: https://blackhat.com/us-25/briefings/...