Exploiting IE: Smashing the Heap

This chapter shows you the different techniques used in 0-day attacks, as disclosed in 2013 and 2014, to place malicious code (shellcode) at predictable addresses in the heap.

            In this chapter, we cover the following topics:

            •  Spraying with HTML5

            •  DOM Element Property Spray (DEPS)

            •  HeapLib2 technique

            •  Flash spray with byte arrays

            •  Flash spray with integer vectors

            •  Leveraging low fragmentation heap (LFH)


Setting Up the Environment

Before learning about the different heap spray techniques, it is imperative that you have a solid understanding of how to configure and use WinDbg Debugger since we will use ...

Get Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.