Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks
MP4•Home de episódios
Manage episode 152211974 series 1053194
Conteúdo fornecido por Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with more reliability and precision. Our talk is a defensive response to this new technique. We will begin with an overview of "in the wild" heap spray exploits and how we can catch them, as well other zero day exploits using our exploit-detection module. We will give an overview of the analysis engine we have built that utilizes this module and we will demonstrate scanning and detection of a "live" website hosting a heap corruption vulnerability. The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
…
continue reading
89 episódios