Internet Security Systems - AlertCon(TM)

A second Blackhat '09 talk

Posted by Chris Valasek on July 20, 2009 at 7:38 PM EDT.

Not to be one-upped by Dowd / Smith / Dewey, John McDonald and I are announcing our Blackhat USA 2009 presentation on “Practical Windows XP/2003 Heap Exploitation” (Go America!). We will cover the Windows heap manager, distill the current best-of-breed published techniques, and walk through a handful of newly discovered tactics that prove useful when researching heap-based vulnerabilities on Windows XP SP3 and Windows 2003 SP2.
   
There has been a bounty of useful information regarding the Windows heap over the years, so we’ve decided to take all of it, butcher it, and compress it into a one-hour presentation. We have also come across new exploitation techniques while spending endless hours staring at impossible vulnerabilities and crying. A generalized formula has also been conjured to assist others suffering through the hardships of creating reliable exploits in what appear to be intractable situations. We won't present this formula, as we have promised never to reveal the Wu-Tang secret, but we will, however, reveal a pale shadow of it. (Think Plato's allegory of the cave, but with hot chicks and science.) Real-world exploits will also be demonstrated to prove that we’re not entirely lying.
