HTML5 Heap Spray. EUSecWest 2012

HTML5 Heap Spray

HTML5 Heap Spray – EUSecWest 2012

Federico and I have just come back from our holidays after EUSecWest.

The conference was awesome, as usual. Very interesting talks, great ppl, and of course, great hosts.

In our talk, we presented a new technique to populate the heap in a multithreaded fashion making use of HTML5.
It’s very simple and it offers several benefits:

  • Very fast
  • Browser independent
  • Aligned
  • Supported by computers, smartphones, smart TVs and video game consoles

Still using strings to heap spray & feng shui? Take a look to the slides.
You can download it here or view it online here.  Alternatively,  if you dont like Prezi, you can obtain a pdf version here.

About these ads

~ by aLS -- on October 3, 2012.

8 Responses to “HTML5 Heap Spray. EUSecWest 2012”

  1. Hi man,

    This is damn interesting, but prezi format sucks in my opinion….do you have it as pdf or some other format perhaps?

    Thanks.

  2. Hey, I’ve added a pdf version.
    Prezi can be pretty messy sometimes. Anyway, I think it can add some value to the presentations when it’s well used. We try to do that.

  3. [...] heap spray in modern browsers.   Federico Muttis and Anibal Sacco from Core security recently published the results of their research on HTML5 spraying, which offers a great way to take advantage of new technology to perform heap [...]

  4. […] we can expect that the HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has said that HTML5 features can be used to do memory fills for heap […]

  5. […] we can expect that the HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has said that HTML5 features can be used to do memory fills for heap […]

  6. […] we can expect that the HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has said that HTML5 features can be used to do memory fills for heap […]

  7. […] we can expect that the HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has said that HTML5 features can be used to do memory fills for heap […]

  8. […] we can expect that the HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has said that HTML5 features can be used to do memory fills for heap […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: