Monday, April 2, 2007

Heap Feng Shui in JavaScript

Via Alexander Sotirov of Determina -

Heap Feng Shui is the ancient art of arranging heap blocks in order to redirect the program control flow to the shellcode.

I just published the slides from my BlackHat Europe presentation about a JavaScript implementation of this technique.

http://www.determina.com/security.research/presentations/

This work is an evolution of the heap spraying technique, but it allows precise application data overwrites and reliable browser exploitation. It will be of great interest to everybody working on client side exploitation. The materials include slides, a paper and source code of a JavaScript heap manipulation library.
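The announcement does not spell out what "arranging heap blocks" means in practice, so here is an added illustration of the underlying idea. It is not Sotirov's heapLib code or anything from the presentation: instead of a real browser allocator it uses a toy fixed-size first-fit allocator (assumed here so the layout is deterministic), a made-up `struct victim` with a callback pointer, and a `hijacked` function standing in for shellcode. The four steps are the ones the technique relies on: spray allocations, free every other one to leave holes of the target object's size, let the application allocate the target into a predicted hole next to attacker-controlled memory, then overflow from that memory so that exactly the pointer field is replaced.

```c
/* Added example: a toy model of heap feng shui. Assumed: a fixed-size first-fit
 * allocator over a static arena, a victim object with a callback, and a
 * 'hijacked' function in place of shellcode. Real allocators add size classes,
 * free-list ordering and fragmentation that the JavaScript library has to
 * defeat; this model only shows why hole creation makes the layout predictable. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK   64                    /* single size class: 64-byte blocks */
#define NBLOCKS 16
#define ARENA   (BLOCK * NBLOCKS)

static _Alignas(16) uint8_t heap[ARENA];   /* the modelled heap (assumed) */
static int in_use[NBLOCKS];

/* First-fit: the lowest free block is handed out. */
static void *toy_alloc(void) {
    for (int i = 0; i < NBLOCKS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            memset(heap + i * BLOCK, 0, BLOCK);
            return heap + i * BLOCK;
        }
    }
    return NULL;
}
static void toy_free(void *p) { in_use[((uint8_t *)p - heap) / BLOCK] = 0; }
static void toy_reset(void) { memset(in_use, 0, sizeof in_use); }

/* Application object we want to corrupt: a name buffer followed by a callback. */
struct victim {
    char name[32];
    void (*on_event)(const char *);
};

static int benign_calls, hijacked_calls;
static void benign(const char *s)   { (void)s; benign_calls++; }
static void hijacked(const char *s) { (void)s; hijacked_calls++; }  /* stands in for shellcode */

/* Steps 1 and 2: spray n blocks, then free every other one so that holes of
 * exactly the victim's size sit between attacker-controlled blocks. */
static void groom(void **spray, int n) {
    for (int i = 0; i < n; i++) spray[i] = toy_alloc();
    for (int i = 1; i < n; i += 2) toy_free(spray[i]);
}

/* Returns 1 when the overflow out of the attacker's block redirected the callback. */
int demo_heap_feng_shui(void) {
    void *spray[8];
    toy_reset();
    benign_calls = hijacked_calls = 0;
    groom(spray, 8);

    /* Step 3: the application allocates the victim. First-fit puts it in the
     * first hole, i.e. directly after the attacker-controlled block spray[0]. */
    struct victim *v = toy_alloc();
    v->on_event = benign;
    if ((uint8_t *)v != (uint8_t *)spray[0] + BLOCK) return 0;   /* layout prediction failed */

    /* Step 4: the modelled bug is an unbounded copy into spray[0]. The payload is
     * laid out so the bytes that run past the block cover v->name and land the
     * chosen pointer exactly on v->on_event, nothing else. */
    uint8_t payload[BLOCK + sizeof(struct victim)];
    memset(payload, 'A', sizeof payload);
    void (*target)(const char *) = hijacked;
    memcpy(payload + BLOCK + offsetof(struct victim, on_event), &target, sizeof target);
    memcpy(spray[0], payload, sizeof payload);   /* no bounds check: the overflow */

    /* The application later fires the callback and control goes to 'hijacked'. */
    v->on_event("event");
    return hijacked_calls == 1 && benign_calls == 0;
}

int main(void) {
    printf("control redirected: %s\n", demo_heap_feng_shui() ? "yes" : "no");
    return 0;
}
```

The check after step 3 is the point of the whole exercise: with plain heap spraying the attacker only knows that "somewhere" in memory is covered with controlled data, whereas grooming the free list first lets the exploit predict the exact block the target object lands in and overwrite one field precisely.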
