SLIDE 1
Heap Exploitation Heap Primitives malloc free calloc - - PowerPoint PPT Presentation
Heap Exploitation Heap Primitives malloc free calloc - - PowerPoint PPT Presentation
Heap Exploitation Heap Primitives malloc free calloc Organization of chunks Bins Fast Singly linked list 16, 24, 32, 40, 48, 56, 64, 72, 80 and 88 bytes Small Doubly linked list 16, 24, ... , 504 bytes
SLIDE 2
SLIDE 3
Heap Primitives
- malloc
- free
- calloc
SLIDE 4
SLIDE 5
SLIDE 6
SLIDE 7
Organization of chunks
- Bins
- Fast
- Singly linked list
- 16, 24, 32, 40, 48, 56, 64, 72, 80 and 88 bytes
- Small
- Doubly linked list
- 16, 24, ... , 504 bytes
- Large
- Doubly linked lists
- Different sizes
- Sorted in decreasing order
- Unsorted
SLIDE 8
Overview of Algorithms for malloc and free
- Malloc
- Free
SLIDE 9
Examples of exploits
- LIFO Experiment
- Use after free
- Unlink
SLIDE 10
FIFO Experiment
SLIDE 11
Example of UAF Heap exploit
Indian Institute of Science 11
SLIDE 12
Example of UAF Heap exploit
Indian Institute of Science 12
SLIDE 13
Example of UAF Heap exploit
Indian Institute of Science 13
SLIDE 14
Example of UAF Heap exploit
Indian Institute of Science 14
SLIDE 15
Example of UAF Heap exploit
Indian Institute of Science 15
SLIDE 16
Example of UnLink Exploit
SLIDE 17
Example of UnLink Exploit
SLIDE 18
SLIDE 19
Current Research: Attackers Perspective
- Automatic manipulation
- Dynamic and static analysis
- Understanding allocators
- Chunk placement
- Manual Exploitation: Exploit writing