HOW TO CATCH A CHAMELEON: ITS ALL IN YOUR HEAP presented at Ruxcon 2012

by Steven Seeley

Tags: Exploitation Heap Overflows Tools Immdbg

Summary: "The detection of heap-based buffer overflows has always been difficult due to the use of the corrupted memory happening often much later after the overwrite occurs during an execution process. Add to that the difficulty in the classification and exploitation of these vulnerabilities and you are doomed for eternity.
Meet Heaper. Heaper is an evolving Immunity Debugger plugin designed to not only detect corrupted heap memory during a dynamic assessment, but also to use a number of heuristics to detect exploitable conditions. Once a condition is triggered, it will hopefully guide you on how you should 'massage' the heap. Additionally, it introduces the ability to graph and analyze the heap state and performs other important heap tasks.
Come and learn how Steve failed, succeeded, what functionality was developed and why and the future direction of the project."