HTML5 Heap Spray. EUSecWest 2012
HTML5 Heap Spray – EUSecWest 2012
Federico and I have just come back from our holidays after EUSecWest.
The conference was awesome, as usual. Very interesting talks, great ppl, and of course, great hosts.
In our talk, we presented a new technique to populate the heap in a multithreaded fashion making use of HTML5.
It’s very simple and it offers several benefits:
- Very fast
- Browser independent
- Aligned
- Supported by computers, smartphones, smart TVs and video game consoles
Still using strings to heap spray & feng shui? Take a look to the slides.
You can download it here or view it online here. Alternatively, if you dont like Prezi, you can obtain a pdf version here.
Hi man,
This is damn interesting, but prezi format sucks in my opinion….do you have it as pdf or some other format perhaps?
Thanks.
Hey, I’ve added a pdf version.
Prezi can be pretty messy sometimes. Anyway, I think it can add some value to the presentations when it’s well used. We try to do that.
[...] heap spray in modern browsers. Federico Muttis and Anibal Sacco from Core security recently published the results of their research on HTML5 spraying, which offers a great way to take advantage of new technology to perform heap [...]
DEPS – Precise Heap Spray on Firefox and IE10 | Corelan Team said this on February 20, 2013 at 5:47 am |