Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques - podcast episode cover

Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Jan 09, 200647 min
--:--
--:--
Listen in podcast apps:
Metacast
Spotify
Youtube
RSS
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Samba, Heimdal, OpenBSDs kerberos implementation (not exploitable), and so on, as a method for exploring
heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.

This focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and presents methods for evading certain sanity checks in the library along with previously unpublished methods for obtaining control.
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques | Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. podcast - Listen or read transcript on Metacast