Friday, November 18, 2016

[FD] Tetris heap spraying: spraying the heap on a budget

L.S.

Over the past decade, heap sprays have become almost synonymous with exploits in web browsers. After having developed my first practical implementation of a heap spray about ten years ago, I found that the amount of memory needed in some cases was too much for a realistic attack scenario. I needed a new kind of heap spray that did not allocate as much RAM as traditional heap sprays do. So, I developed a heap spray that uses significantly less RAM than a traditional heap spray does. In practice it uses about 33% less in most cases, but theoretically it could be much, much less in ideal situations. This technique requires only the ability to free some of the blocks of memory used to spray the heap during spraying and should otherwise be applicable to every existing implementation.

I wrote an article on my blog that describes the technical details of this technique; you can find it here: http://ift.tt/2fnwpx8

I recently used this technique in a Proof-of-Concept for a vulnerability in Microsoft Edge. You can find details about that vulnerability and the PoC here: http://ift.tt/2gmQXKm

Cheers,

SkyLined
