In this paper, I introduce the reader to a heap metadata corruption attack against the latest
version of diet libc. This allocator is used in embedded systems. In freelist
poisoning, an attacker corrupts the chunk header of a free chunk. This chunk's next
pointer is modified to point to an arbitrary address. The allocator, in a
subsequent malloc, will return this arbitrary pointer. In conjunction with the
application's logic, an arbitrary write may be achievable.
Diet LIBC Freelist Poisoning.PDF
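The mechanism described above, shown on a toy allocator beside a hardened variant. This is an added example, not code from the paper or from diet libc; the allocator, its names (`toy_malloc`, `toy_malloc_checked`, `in_arena`, `poisoned`) and the bounds check used as the mitigation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy fixed-size allocator, constructed for illustration (not diet libc code). */
typedef struct chunk { struct chunk *next; } chunk_t;   /* header of a free chunk */
static union { chunk_t hdr; unsigned char raw[32]; } arena[4];
static chunk_t *freelist;
static chunk_t outside;          /* memory the allocator must never hand out */

static void toy_init(void) {
    freelist = NULL;
    for (int i = 3; i >= 0; i--) { arena[i].hdr.next = freelist; freelist = &arena[i].hdr; }
}
static void toy_free(void *p) { chunk_t *c = p; c->next = freelist; freelist = c; }

/* Unchecked pop: whatever the chunk's next field holds becomes the new list head. */
static void *toy_malloc(void) {
    chunk_t *c = freelist;
    if (c) freelist = c->next;
    return c;
}

/* A pointer is plausible only if it is a chunk-aligned address inside the arena. */
static int in_arena(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    return a >= base && a < base + sizeof arena && (a - base) % sizeof arena[0] == 0;
}

/* Checked pop: refuse a next pointer that leaves the arena (a real allocator would abort). */
static void *toy_malloc_checked(void) {
    chunk_t *c = freelist;
    if (!c || !in_arena(c) || (c->next && !in_arena(c->next))) return NULL;
    freelist = c->next;
    return c;
}

/* Returns 1 if, after a free chunk's next field is overwritten, alloc() returns &outside. */
static int poisoned(void *(*alloc)(void)) {
    toy_init();
    void *a = alloc();
    toy_free(a);
    ((chunk_t *)a)->next = &outside;     /* simulated write through a stale pointer */
    void *p1 = alloc(), *p2 = alloc();
    return p1 == (void *)&outside || p2 == (void *)&outside;
}

int main(void) {
    printf("unchecked=%d checked=%d\n", poisoned(toy_malloc), poisoned(toy_malloc_checked));
    return 0;
}
```

The unchecked allocator returns the out-of-arena address on the second allocation, while the checked one detects the corrupted header on the first and refuses to advance the list.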