In this
paper, I introduce the reader to a heap metadata corruption against the latest version
of the glibc allocator, ptmalloc. In the TCache House of Spirit, an attacker
passes a pointer to a fake chunk header to the free API. This chunk can be of
almost arbitrary size. The allocator will subsequently insert this fake chunk
into a tcache freelist. The next malloc of the appropriate size will return the
fake chunk which may overlap data that may be of benefit to the attacker.
Linux Heap TCache House of Spirit.PDF
Exploiting the Lorex 2K Indoor Wifi at Pwn2Own Ireland
Introduction In October InfoSect participated in Pwn2Own Ireland 2024 and successfully exploited the Sonos Era 300 smart speaker and Lor...
-
InfoSect has always been committed to fostering diversity and inclusion within the cybersecurity industry, with a special focus on encourag...
-
Summary This is the next part of the C++ memory corruption series*. In this post, we'll look at corrupting the std:string object in L...
-
Syed Faraz Abrar @farazsth98 Summary In this blog post, I will provide some details on how the Chromium developers implemente...
