Description: Windows 7 introduced many new security mechanisms regarding the use of the front end allocator. The new, complicated functionality introduced in an attempt to mitigate many of yesterday's attacks can be abused to place the heap manager into an unexpected state. With every new heap manager revision, security is often enhanced, minimizing specific metadata attacks and incrementally increasing their requirements. The metadata attacks of today now facilitate application data attacks directly.
This presentation will begin by detailing Windows XP and Windows 7 heap data structures and core algorithms. Following that, the author will walk through past (un)famous Windows heap exploitation techniques and present a new, undisclosed exploitation technique against the Low Fragmentation Heap known as the 'depth De-sync/Offset match attack'.
ABOUT STEVEN SEELEY
Steven Seeley is a senior penetration tester and security researcher for Stratsec BAE, Australia. In his spare time, Steven conducts vulnerability research and enjoys reverse engineering. Lately, Steven has focused his research attention on discovering new attack vectors against Windows 7's heap manager.
Tags: securitytube, hack in the box, hacking, hackers, information security, convention, computer security, HITB 12, HITB-2012