Bypass Control Flow Guard Comprehensively

Black Hat USA 2015

Presented by: Yunhai Zhang
Date: Thursday August 06, 2015
Time: 12:10 - 13:00
Location: South Seas CDF

Control Flow Guard (CFG) is an exploit mitigation technique that Microsoft enabled in Windows 8.1 Update 3 and the Windows 10 technical preview. Before each indirect call, CFG checks that the target address is a valid call target and raises a fast-fail exception that terminates the process if it is not, thus blocking a step that many exploit techniques depend on.
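
As an added illustration (not code from the talk, and not Microsoft's implementation), the following C program models the check described above. Real CFG consults a process-wide bitmap maintained by the loader and aborts the process via fast-fail on a miss; this model substitutes a small table of registered addresses for the bitmap and returns a sentinel value instead of aborting, both of which are assumptions made so the example runs portably. The handler names, the `guarded_call` wrapper and the constructed `fake_payload` buffer are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_t)(int);

/* Assumption: a table of addresses stands in for the CFG bitmap. The real
 * bitmap has one bit per 16-byte slot of address space (plus a bit marking
 * unaligned targets); the semantics modelled here are the same: a set of
 * legal indirect-call targets, populated by the loader from compiler metadata. */
#define MAX_TARGETS 64
static uintptr_t g_valid_targets[MAX_TARGETS];
static size_t g_num_targets;

/* Loader-side: mark a function as a legal indirect-call target. */
void cfg_register_target(handler_t fn) {
    if (g_num_targets < MAX_TARGETS)
        g_valid_targets[g_num_targets++] = (uintptr_t)fn;
}

/* The check: set membership on the raw target address. It answers only
 * "is this address a registered call target", not "is this the function
 * the caller intended". */
int cfg_is_valid_target(handler_t fn) {
    uintptr_t a = (uintptr_t)fn;
    for (size_t i = 0; i < g_num_targets; i++)
        if (g_valid_targets[i] == a)
            return 1;
    return 0;
}

#define CFG_FAIL (-1)

/* Guarded indirect call: the check /guard:cf emits before a 'call [reg]'.
 * Real CFG issues a fast-fail (int 0x29) on a miss; this model returns
 * CFG_FAIL instead so the outcome can be observed. */
int guarded_call(handler_t fn, int arg) {
    if (!cfg_is_valid_target(fn)) {
        fprintf(stderr, "CFG: invalid indirect call target %p\n", (void *)fn);
        return CFG_FAIL;
    }
    return fn(arg);
}

/* Two legitimate handlers. */
int handler_double(int x) { return 2 * x; }
int handler_negate(int x) { return -x; }

/* Constructed stand-in for attacker-controlled data (never executed). */
static unsigned char fake_payload[32];

/* An object whose function pointer an attacker can overwrite. */
struct object {
    handler_t vfn;
    int value;
};

/* corrupt == 0: untouched pointer; 1: pointer into data (blocked);
 * 2: pointer swapped to a different registered function (allowed). */
int scenario(int corrupt) {
    static int registered;
    if (!registered) {
        cfg_register_target(handler_double);
        cfg_register_target(handler_negate);
        registered = 1;
    }
    struct object obj = { handler_double, 21 };
    if (corrupt == 1)
        obj.vfn = (handler_t)(void *)fake_payload;
    else if (corrupt == 2)
        obj.vfn = handler_negate;
    return guarded_call(obj.vfn, obj.value);
}

int main(void) {
    printf("intact pointer      -> %d\n", scenario(0));
    printf("pointer into data   -> %d\n", scenario(1));
    printf("other valid target  -> %d\n", scenario(2));
    return 0;
}
```

The third scenario is the point worth noticing: redirecting the pointer to any address the loader has registered passes the check, because the check is a coarse set-membership test on the target address rather than a check that the target matches what the caller expected.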

This talk analyses the weak point of CFG and presents a new technique that bypasses CFG comprehensively, making the exploit techniques it blocks usable again. Furthermore, the technique rests on a generic capability, so further exploit techniques can be developed from that same capability.

Yunhai Zhang

Yunhai Zhang is a security researcher on the NSFOCUS security team. He has worked on computer security for 10 years and won the Microsoft Mitigation Bypass Bounty in 2014.

