mailing list archives
From: asotirov at determina.com (Alexander Sotirov)
Date: Tue, 20 Feb 2007 19:55:26 -0800
H D Moore wrote:
Do whatever you can to see this talk, Alex's exploitation methods for
client-side exploits are second to none (my heap-fill code is sloppy
trash by comparison).
Hah, you should tell this to Dragos, I'm still waiting to find out if the talk
was accepted for CanSecWest.
The presentation is about a new technique for precise manipulation of the
controlled state before triggering a heap corruption bug. This will allow the
exploitation of very difficult heap corruption vulnerabilities with great
reliability and precision.
Even if you can't make it to the conference, check out the paper afterwards, it
will be worth it.