Accuvant LABS researchers Chris Valasek and Ryan Smith will be presenting at INFILTRATE 2011! (http://www.immunityinc.com/infiltrate.shtml)

We will probably have to play a fun game of Nico and Nico versus Chris and Ryan somehow. Heap Bingo anyone? With enough beer, that could be fun!

_______________________________________________________________________________

Title: Modern Heap Exploitation using the Low Fragmentation Heap

Summary: Exploit mitigation technologies have made reliable heap exploitation increasingly difficult since the inception of the 4-byte overwrite, over ten years ago. At the same time, applications needed to become more stable without using absurd amounts of memory (Who doesn’t keep their web browser with multiple tabs open for days?). Heap memory management has matured over time, but with complex new code comes new opportunity for exploitation.

This presentation will focus on understanding the Low Fragmentation Heap on Windows 7 (32-bit). After a foundation of integral concepts is laid, new exploitation techniques will be thoroughly discussed. Finally, we will use this newfound knowledge to leverage supposedly non-exploitable vulnerabilities. Specifically, we will cover a case study showing how to craft an exploit for the IIS FTP 7.5 denial of service [1] resulting in full control of EIP.

We hope to see you there!

http://illmatics.com/FTPOwned.PNG

[1] See http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx

Thanks
Dave Aitel
Immunity, Inc.

INFILTRATE 2011 !
