Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
محتوای ارائه شده توسط Black Hat/ CMP Media, Inc. and Jeff Moss. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Black Hat/ CMP Media, Inc. and Jeff Moss یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Alexander Sotirov: Heap Feng Shui in JavaScript
Manage episode 153226761 series 1085097
محتوای ارائه شده توسط Black Hat/ CMP Media, Inc. and Jeff Moss. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Black Hat/ CMP Media, Inc. and Jeff Moss یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for two complex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
…
continue reading
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for two complex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
89 قسمت
Alexander Sotirov: Heap Feng Shui in JavaScript
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
اشتراک گذاری
Manage episode 153226761 series 1085097
محتوای ارائه شده توسط Black Hat/ CMP Media, Inc. and Jeff Moss. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Black Hat/ CMP Media, Inc. and Jeff Moss یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for two complex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
…
continue reading
This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.
This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for two complex heap corruption vulnerabilities.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
89 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
