Exploiting IE: Smashing the Heap
This chapter shows you the different techniques used in 0-day attacks, as disclosed in 2013 and 2014, to place malicious code (shellcode) at predictable addresses in the heap.
In this chapter, we cover the following topics:
• Spraying with HTML5
• DOM Element Property Spray (DEPS)
• HeapLib2 technique
• Flash spray with byte arrays
• Flash spray with integer vectors
• Leveraging low fragmentation heap (LFH)
Setting Up the Environment
Before learning about the different heap spray techniques, it is imperative that you have a solid understanding of how to configure and use the WinDbg debugger, since we will use ...