SyScan'11 TAIPEI - Modern Heap Exploitation using the Low Fragmentation Heap

توضیحات:

Exploit mitigation technologies have made reliable heap exploitation increasingly difficult since the inception of the 4-byte over write, over ten years ago. At the same time, applications needed to become more stable without using absurd amounts of memory (Who doesn't keep their web browser with multiple tabs open for days?). Heap memory management has matured over time, but with complex new code comes new opportunity for exploitation. This presentation will focus on understanding the Low Fragmentation heap on Windows 7 (32-bit). After a foundation of integral concepts is laid, new exploitation techniques will be thoroughly discussed. Finally, we will use this new found knowledge to leverage supposed non-exploitable vulnerabilities. Specifically we will cover a case study showing how to craft an exploit for the IIS FTP 7.5 denial of service (http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx), resulting in full control of EIP. http://illmatics.com/FTPOwned.PNG

لغات کلیدی:

درباره ما | تماس با ما | قوانین تخته سفید