Story of two pointers attack on LFH

This post is based on the talk by Steven Seeley (Ghost in the allocator) and the talk by Chris Valasek & Tarjei Mandt (Windows 8 Heap Internals).

I would like to focus on the Windows 8 _HEAP_USERDATA_HEADER structure and its main performance feature: the missing validation check on each allocation made from its block.


Heap Spray – HTML5 really rocks

Some months ago, at EUSecWest 2012, Frederico Muttis & Anibal Sacco presented a new technique for heap spraying from HTML5. The main idea is to use its new features:

  • WebWorker
  • Canvas
  • Uint8ClampedArray

to spray the heap quickly and efficiently and, in addition, to manipulate the sprayed data at byte level.

Bootkits brief techniques

Boot Process

