The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Tương tự như Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
Daily update on current cyber security threats
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
Alexander Sotirov: Heap Feng Shui in JavaScript
Manage episode 152727801 series 1069449
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
"Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker tset up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for twcomplex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable tother browsers as well. "
Alexander Sotirov has been involved in computer security since 1998, when he started contributing tPhreedom Magazine, a Bulgarian underground technical publication. For the past nine years he has been working on reverse engineering, exploit code development and research of automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache modssl, ProFTPd and Windows ASN.1. He graduated with a Masters degree in computer science in 2005. His current job is as a vulnerability researcher at Determina Inc.
…
continue reading
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker tset up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for twcomplex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable tother browsers as well. "
Alexander Sotirov has been involved in computer security since 1998, when he started contributing tPhreedom Magazine, a Bulgarian underground technical publication. For the past nine years he has been working on reverse engineering, exploit code development and research of automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache modssl, ProFTPd and Windows ASN.1. He graduated with a Masters degree in computer science in 2005. His current job is as a vulnerability researcher at Determina Inc.
19 tập
Alexander Sotirov: Heap Feng Shui in JavaScript
Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
Chia sẻ
Manage episode 152727801 series 1069449
Nội dung được cung cấp bởi Black Hat and Jeff Moss. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat and Jeff Moss hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
"Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker tset up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for twcomplex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable tother browsers as well. "
Alexander Sotirov has been involved in computer security since 1998, when he started contributing tPhreedom Magazine, a Bulgarian underground technical publication. For the past nine years he has been working on reverse engineering, exploit code development and research of automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache modssl, ProFTPd and Windows ASN.1. He graduated with a Masters degree in computer science in 2005. His current job is as a vulnerability researcher at Determina Inc.
…
continue reading
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker tset up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for twcomplex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable tother browsers as well. "
Alexander Sotirov has been involved in computer security since 1998, when he started contributing tPhreedom Magazine, a Bulgarian underground technical publication. For the past nine years he has been working on reverse engineering, exploit code development and research of automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache modssl, ProFTPd and Windows ASN.1. He graduated with a Masters degree in computer science in 2005. His current job is as a vulnerability researcher at Determina Inc.
19 tập
Wszystkie odcinki
×
Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.
Tương tự như Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
Daily update on current cyber security threats
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
