How to find the vulnerability to bypass the Control Flow Guard

by Henry Li, Trend Micro

As we know, Control Flow Guard (CFG) is one of the default exploit mitigation techniques on the Windows 10 platform, and it significantly increases the difficulty of exploitation for attackers. On Windows 10, even if you have an arbitrary address read/write primitive, you still need to find a way to bypass the CFG mitigation. However, until now there has been no general CFG bypass method, so vulnerabilities that bypass CFG are becoming more and more important for exploitation. This talk will introduce, step by step, how to hunt for vulnerabilities in the Microsoft Edge browser that can be used to bypass Control Flow Guard.