Description: This talk will discuss 100% reliable exploitation of CVE-2011-2371 (found by Chris Rohlf) by turning it into an infoleak, with no heap spraying techniques. There won't be any spamming the address space and relying on the sayonara ROP chain - this will instead go over how exploit writers are supposed to ball to produce quality and reliable exploits. A second, very different, bug will get the same workover as the first. All relevant Firefox internals will be discussed.
FIONNBHARR DAVIES BIO
Fionnbharr Davies / thoth is a professional accountant by day and whitehat security evangelist by night. When Fionnbharr isn't spending his free time going through personal receipts (a receipt a day keeps the tax man away!), he can be found mountaineering, whitewater rafting or practising kegels.
Tags: securitytube, hacking, hackers, information security, convention, computer security, ruxcon-2012