Heap Exploitation Abstraction by Example - OWASP AppSec Research 2012
This year’s OWASP AppSec Research conference took place in Athens, Greece and we were planning to be there as participants. However, the day before the conference, Konstantinos Papapanagiotou (General Chair) asked if we could do a presentation to replace a cancelled talk. Myself and Chariton Karamitas agreed to help and spend around three hours preparing a talk on heap exploitation abstraction, a subject dear to us.
Black Hat USA 2012 update
This year we have presented our jemalloc exploitation research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace at Las Vegas, Nevada and delivered the talk.
Exploiting the jemalloc Memory Allocator - Black Hat USA 2012
CENSUS researchers Chariton Karamitas and Patroklos Argyroudis will be presenting “Exploiting the jemalloc Memory Allocator: Owning Firefox’s Heap”, an in-depth security analysis of the jemalloc memory allocator at Black Hat USA 2012. The focus will be on offensive techniques and the identification of attack vectors, while the Mozilla Firefox browser will be used as a case study.
Packing Heat - AthCon 2012 update
AthCon 2012 is now over and what a great event that was! Our talk this year, entitled “Packing Heat!”, described ways in which PE executables can be packed to evade AntiVirus (AV) detection during penetration tests. Specifically, the talk presented a new type of packer; a packer that generates metamorphic executables. Each executable generated by this type of packer both looks different on-disk and behaves differently at runtime.