Dailydave mailing list archives

Heap Feng Shui in JavaScript
From: Alexander Sotirov <asotirov () determina com>
Date: Fri, 30 Mar 2007 11:55:50 -0700

Heap Feng Shui is the ancient art of arranging heap blocks in order to redirect
the program control flow to the shellcode. I just published the slides from my
BlackHat Europe presentation about a JavaScript implementation of this technique.

http://www.determina.com/security.research/presentations/

This work is an evolution of the heap spraying technique, but it allows precise
application data overwrites and reliable browser exploitation. It will be of
great interest to everybody working on client side exploitation.

The materials include slides, a paper and source code of a JavaScript heap
manipulation library.

Take care,
Alex
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

