Going Back in Time to Abuse Android’s JIT

On the shoulders of giants, this presentation will take a deep dive into the Dalvik Virtual Machine’s JIT implementation and how it can be used and abused to execute shellcode. We will additionally take a cursory look at the JIT compiler introduced in Android Nougat, and whether or not the same techniques can be applied. Also discussed are the tools that were created in order to assist in tracing through and deconstructing the JIT compilation internals.

VerSprite's Approach to Security

At VerSprite, we approach security from a holistic risk management perspective, understanding security from business and attacker perspectives. Our approach goes beyond assessing security controls. We examine credible threats to understand the likelihood of a real-world abuse case and measure the magnitude of business impact if a breach should occur. By developing a holistic business risk view, security decisions become business decisions. Explore Security Offerings →