Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Info Leak Era on Software Exploitation

Black Hat via YouTube

Overview

Explore advanced software exploitation techniques in this Black Hat USA 2012 conference talk. Delve into the era of information leaks and their impact on defeating Address Space Layout Randomization (ASLR). Learn why ASLR is crucial for preventing reliable exploitation and how other mitigations fall short without it. Discover various methods for converting vulnerabilities into information leaks, including partial stack overflows, heap overflows with heap massaging, and object manipulation through non-virtual calls. Examine real-world examples, such as CVE-2012-0769, and understand how to transform information leaks into Universal Cross-Site Scripting (UXSS) attacks. Gain insights into continuous distribution, element creation, and object reclamation techniques. Enhance your understanding of software security and exploitation strategies through this comprehensive presentation.

Syllabus

Introduction
Info Leaks
What is an Info Leak
Techniques
Continuous Distribution
Creating an Element
Reclaiming an Object
Converting Vulnerabilities
Stack Overflows
Partial Overflows
JavaScript String
Nonmetal Methods
This is not an info leak
CV
Bitmap
User Data
Base of dll
Final notes
Questions

Taught by

Black Hat

Reviews

Start your review of The Info Leak Era on Software Exploitation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.