USERLAND EXPLOITATION

Heap Exploitation

Adobe Flash

CENSUS researcher Chariton Karamitas published in Phrack magazine, Volume 0x0f, Issue 0x45, an article on the exploitation of an Adobe Flash Player bug.

jemalloc (NetBSD, FreeBSD, vlc, Firefox, Android)

We have investigated in depth the exploitation of the jemalloc memory allocator and the Mozilla Firefox browser. Our research on this subject is divided into four parts.

The first part covers an in-depth analysis of the jemalloc memory allocator as used in the libc of the FreeBSD and NetBSD operating systems:

The second part of our research applies the exploitation primitives identified in the first part to the Mozilla Firefox browser. This work was presented a) in Las Vegas at the Black Hat USA 2012 information security conference, and b) in Athens at AthCon 2013:

The third part defines a reusable exploitation methodology against the latest versions of the Mozilla Firefox browser in the context of the modern protections provided by most operating systems. It was presented in Miami Beach at the INFILTRATE offensive security conference:

The fourth part of our research on jemalloc focused on the Android operating system. As jemalloc became the libc allocator of Android, CENSUS researchers Tsaousoglou and Argyroudis released the shadow v2 tool at INFILTRATE 2017. It enables vulnerability researchers to explore Android heap structures and cuts down the time needed to develop a heap corruption exploit for an Android application.