.

[Article]-Understanding Heap Overflow Exploits

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Mar 18, 2009 11:02 am

[Article]-Understanding Heap Overflow Exploits

Enjoy the audio and slide deck by Jack Koziol as your primer on heap overflow exploitation. Remember, if you want to learn this and much more directly from Jack, he will be teaching the CEPT course at ChicagoCon 2009s from May 4 - 8.

Permanent link: [Article]-Understanding Heap Overflow Exploits


Image


Jack Koziol of Shellcoder's Handbook fame spoke at ChicagoCon last year on heap overflow exploitation, so we thought we'd share the entire audio recording and slide deck with you as an example of the type of talks you'll see at the next ChicagoCon in May 2009

As defined by Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area. Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination. A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed."

So what does all that mean and how do you do it? Find out in Jack's talk on "the most common type of heap overflow exploits for Linux and Windows. He will briefly explain how dynamically allocated memory works, its interaction with the heap memory structure, and how a normal heap operates. Jack will then demonstrate how heap overflows occur, and how they can be exploited on Linux, Windows 2000 and Windows XP SP2 with Data Execution Prevention (DEP) enabled. Unfortunately, the Vista portion of the talk had to be withdrawn. Expect to laugh, cry, and be entertained!"



Let us know what you think.

Don
Last edited by don on Wed Mar 18, 2009 11:07 am, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Wed Mar 18, 2009 11:19 am

Re: [Article]-Understanding Heap Overflow Exploits

definately looking forward to this - I'm slowly creeping my way through shelcoders and havn't made the time to fully understand heap overflows yet - this should be good  :-)
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Wed Mar 18, 2009 11:44 am

Re: [Article]-Understanding Heap Overflow Exploits

Nice,  Thanks Don
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Mar 19, 2009 8:07 pm

Re: [Article]-Understanding Heap Overflow Exploits

Very nice. Thanks much Don.

Return to /root

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software