Story of two pointers attack on LFH

This post is based on the talk by Steven Seeley (Ghost in the Allocator) and the talk by Chris Valasek & Tarjei Mandt (Windows 8 Heap Internals).

I would like to focus on the Windows 8 _HEAP_USERDATA_HEADER structure and its main performance feature: the missing validation check for each allocation taken from its block.

Heap Spray – HTML5 really rocks

Some months ago, at EUSecWest 2012, Frederico Muttis & Anibal Sacco presented a new technique for heap spraying with HTML5. The main idea is to use its new features:

  • WebWorker
  • Canvas
  • UInt8ClampedArray

to spray the heap quickly and efficiently, and in addition to manipulate data at the byte level!

Bootkits brief techniques

Boot Process
