In this
paper, I introduce the reader to a method to disclose the libc base in the
presence of ASLR given an information leak in the unsorted bin of the Linux
Heap allocator, ptmalloc.
Linux Heap Unsorted Bin LIBC Base Leak.PDF
Tuesday, 24 September 2019
Linux Heap Fast Bin Poisoning part 2
In this
paper, I introduce the reader to a heap metadata corruption against the current
Linux Heap allocator, ptmalloc. The attack is performed via corrupting, or
poisoning the fast bin such that malloc returns an arbitrary pointer. It
relaxes the requirements in part 1 of this paper and can now return an
arbitrary pointer. For this to happen, more heap grooming is required.
Linux Heap Fast Bin Poisoning part 2.PDF
Linux Heap Fast Bin Poisoning part 2.PDF
Monday, 23 September 2019
Linux Heap Fast Bin Poisoning part 1
In this
paper, I introduce the reader to a heap metadata corruption against the current
Linux Heap allocator, ptmalloc. The attack is performed via corrupting, or
poisoning the fast bin such that malloc returns a near arbitrary pointer. This
may allow for control flow hijacking if malloc returns a pointer to a function
pointer and an attacker is able to write to that malloc returned buffer.
Subscribe to:
Posts (Atom)
Exploiting the Lorex 2K Indoor Wifi at Pwn2Own Ireland
Introduction In October InfoSect participated in Pwn2Own Ireland 2024 and successfully exploited the Sonos Era 300 smart speaker and Lor...
-
InfoSect has always been committed to fostering diversity and inclusion within the cybersecurity industry, with a special focus on encourag...
-
Introduction In October InfoSect participated in Pwn2Own Ireland 2024 and successfully exploited the Sonos Era 300 smart speaker and Lor... -
Syed Faraz Abrar @farazsth98 Summary In this blog post, I will provide some details on how the Chromium developers implemente...
