If any application data susceptible to a buffer overflow, such as a function pointer, is on a memory block allocated by the target program, we can assume that a heap-based buffer overflow is as amenable to attack as a stack-based buffer overflow. However, remote attackers have no way to figure out whether it is really exploitable, because the memory layout depends on the target application. Thus, exploitation of heap-based buffer overflows is not so practical. Nevertheless, it is very interesting, and we focus on it.
One objective of attackers is gaining control of the program counter to achieve arbitrary code execution, and they usually realize that by applying a "write-what-where primitive", an arbitrary data write to anywhere, to the susceptible data. An ancient technique called the "Unlink Attack" provides a direct "write-what-where primitive", but it is not available today, so recent exploit writers devise indirect "write-what-where primitives" by forcing malloc() to return a nearly arbitrary address. There are several heap exploitation techniques, such as those in Malloc Maleficarum, a paper with some great techniques published by Phantasmal Phantasmagoria, which provide such an indirect "write-what-where primitive". Some of them have been fixed, but others, such as House of Force, are still available today.
This paper proposes the "House of Einherjar", a new technique that serves as an indirect "write-what-where primitive" on the latest GLIBC.
--- Hiroki Matsukuma
Hiroki MATSUKUMA is a web pentest rookie at Cyber Defense Institute, Inc. in Japan, and a member of TokyoWesterns.
He was an electrical engineering student at NITTC (National Institute of Technology, Tokyo College). /* However, his interest had long been in computer security, so he often neglected studying and participated in CTF competitions :P */
Sometimes he gets a good feeling the moment he gets control of an application while listening to EDM, and he likes having something good to eat with a girl ;)
Now his interests are heap implementations, exploitation of embedded systems, and similar technology related to pwn.