Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques
MP4•בית הפרקים
Manage episode 152211988 series 1053194
תוכן מסופק על ידי Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Samba, Heimdal, OpenBSDs kerberos implementation (not exploitable), and so on, as a method for exploring
heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.
This focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and presents methods for evading certain sanity checks in the library along with previously unpublished methods for obtaining control.
…
continue reading
heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.
This focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and presents methods for evading certain sanity checks in the library along with previously unpublished methods for obtaining control.
89 פרקים