How is my Browser blocking RWX execution?


Reviewing an EDR-like mechanism implemented by a popular browser

While injecting and executing successfully against something as simple as notepad.exe is a nice start, the real test consists of confirming that this still works properly against more complex applications (.NET, large multi-threaded apps like browsers, etc.). I initially thought this was caused by a technicality in the target process (browsers can implement funky things, modify native DLLs, etc.) but realized this actually looked like an intentional security feature, very similar to what an EDR would do. Any thread creation will be redirected through that jmp instruction, jumping somewhere into a custom third-party DLL that the browser loads, and for which I found very little information online (which prompted me to look deeper).
