Permanent link: [Article]-Understanding Heap Overflow Exploits
Jack Koziol of Shellcoder's Handbook fame spoke at ChicagoCon last year on heap overflow exploitation, so we thought we'd share the entire audio recording and slide deck with you as an example of the type of talks you'll see at the next ChicagoCon in May 2009.
As defined by Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area. Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination. A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed."
So what does all that mean and how do you do it? Find out in Jack's talk on "the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Unfortunately, the Vista portion of the talk had to be withdrawn. Expect to laugh, cry, and be entertained!"
Let us know what you think.