Exploiting the Jemalloc Memory Allocator - Owning Firefox's Heap

Exploiting the Jemalloc Memory Allocator - Owning Firefox's Heap

Black Hat via YouTube Direct link

References

28 of 28

28 of 28

References

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Exploiting the Jemalloc Memory Allocator - Owning Firefox's Heap

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Outline
  3. 3 jemalloc flavors... yummy
  4. 4 SMP systems & multithreaded applications
  5. 5 jemalloc overview
  6. 6 Central concepts
  7. 7 jemalloc basic design
  8. 8 Chunks (arena_chunk_t)
  9. 9 Runs (arena_run_t)
  10. 10 Regions
  11. 11 Region size classes
  12. 12 Bins (arena bin_t)
  13. 13 Architecture of jemalloc
  14. 14 Allocation algorithm
  15. 15 No unlinking, no frontlinking
  16. 16 Exploitation techniques
  17. 17 Adjacent memory overwrite
  18. 18 Run header corruption
  19. 19 OS X and gdb/Python
  20. 20 unmask_jemalloc
  21. 21 Firefox heap manipulation
  22. 22 CVE-2011-3026
  23. 23 The vulnerability
  24. 24 Mitigations
  25. 25 Redzone
  26. 26 Concluding remarks
  27. 27 Acknowledgements
  28. 28 References

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.