CTF Handbook

Address Space Layout Randomization (ASLR)

CTF Handbook

Home
Forensics
Forensics
- Overview
- File Formats
  File Formats
  - What are File Formats
- Metadata
  Metadata
  - What is Metadata
- Wireshark
  Wireshark
  - What is Wireshark
- Steganography
  Steganography
  - What is Steganography
- Disk Imaging
  Disk Imaging
  - What is Disk Imaging
- Memory Forensics
  Memory Forensics
  - What is Memory Forensics
- Hex Editors
  Hex Editors
  - What is a Hex Editor
Cryptography
Cryptography
- Overview
- XOR
  XOR
  - What is XOR
- Substitution Cipher
  Substitution Cipher
  - What is a Substitution Cipher
  - Caesar Cipher/ROT 13
- Vigenere Cipher
  Vigenere Cipher
  - What is a Vigenere Cipher
- Hashing Functions
  Hashing Functions
  - What are Hashing Functions
- Modes of Operation
  Modes of Operation
  - What are Block Ciphers
  - What are Stream Ciphers
- RSA
  RSA
  - What is RSA
Web Exploitation
Web Exploitation
- Overview
- SQL Injection
  SQL Injection
  - What is SQL Injection
- Command Injection
  Command Injection
  - What is Command Injection
- Directory Traversal
  Directory Traversal
  - What is Directory Traversal
- Cross Site Request Forgery
  Cross Site Request Forgery
  - What is Cross Site Request Forgery
- Cross Site Scripting (XSS)
  Cross Site Scripting (XSS)
  - What is Cross Site Scripting
- Server Side Request Forgery
  Server Side Request Forgery
  - What is Server Side Request Forgery
- PHP
  PHP
  - What is PHP?
Reverse Engineering
Reverse Engineering
- Overview
- Assembly/Machine Code
  Assembly/Machine Code
  - What is Assembly/Machine Code
- The C Programming Language
  The C Programming Language
  - What is C
- Disassemblers
  Disassemblers
  - What are Disassemblers
- Debuggers
  Debuggers
  - What is GDB
- Decompilers
  Decompilers
  - What are Decompilers
Binary Exploitation
Binary Exploitation
- Overview
- Registers
  Registers
  - What are Registers
- The Stack
  The Stack
  - What is the Stack
- Calling Conventions
  Calling Conventions
  - What are Calling Conventions
- Global Offset Table (GOT)
  Global Offset Table (GOT)
  - What is the GOT
- Buffers
  Buffers
  - What are Buffers
  - Buffer Overflow
- Return Oriented Programming (ROP)
  Return Oriented Programming (ROP)
  - What is ROP
- Binary Security
  Binary Security
- The Heap
  The Heap
  - What is the Heap
  - Heap Exploitation
- Format String Vulnerability
  Format String Vulnerability
  - What is a Format String Vulnerability
FAQ
FAQ

Address Space Layout Randomization (ASLR)

Address Space Layout Randomization (or ASLR) is the randomization of the place in memory where the program, shared libraries, the stack, and the heap are. This makes can make it harder for an attacker to exploit a service, as knowledge about where the stack, heap, or libc can't be re-used between program launches. This is a partially effective way of preventing an attacker from jumping to, for example, libc without a leak.

Typically, only the stack, heap, and shared libraries are ASLR enabled. It is still somewhat rare for the main program to have ASLR enabled, though it is being seen more frequently and is slowly becoming the default.