))
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques
Arşivlenmiş dizi ("Etkin olmayan yayın" status)
When?
This feed was archived on November 19, 2025 20:07 (
Why? Etkin olmayan yayın status. Sunucularımız bir süredir geçerli bir podcast beslemesi alamadı
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 152211988 series 1053194
İçerik Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Samba, Heimdal, OpenBSDs kerberos implementation (not exploitable), and so on, as a method for exploring
heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.
This focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and presents methods for evading certain sanity checks in the library along with previously unpublished methods for obtaining control.
…
continue reading
heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.
This focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and presents methods for evading certain sanity checks in the library along with previously unpublished methods for obtaining control.
89 bölüm
Paylaş
