Memory Corruption Heap
codevania
1.
Memory Corruption - Heap
아꿈사 (http://cafe.naver.com/architect1.cafe)
Codevania (http://codevania.textcube.com)
Under the hood of Heap Allocation