Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition, 4th Edition by Stephen Sims, Ryan Linn, Branko Spasojevic, Jonathan Ness, Chris Eagle, Allen Harper, Shon Harris, Daniel Regalado

CHAPTER 16

Exploiting IE: Smashing the Heap

This chapter shows you the different techniques used in 0-day attacks, as disclosed in 2013 and 2014, to place malicious code (shellcode) at predictable addresses in the heap.

In this chapter, we cover the following topics:

•  Spraying with HTML5
•  DOM Element Property Spray (DEPS)
•  HeapLib2 technique
•  Flash spray with byte arrays
•  Flash spray with integer vectors
•  Leveraging low fragmentation heap (LFH)

Setting Up the Environment

Before learning about the different heap spray techniques, it is imperative that you have a solid understanding of how to configure and use WinDbg Debugger since we will use ...
