Defeating Web Browser Heap Spray Attacks, presented at Black Hat DC 2007

by Moti Joseph and Stephan Chenette


Summary: At Black Hat Europe 2007 a talk titled "Heap Feng Shui in JavaScript" introduced a technique for precise manipulation of the browser heap layout through specific sequences of JavaScript allocations. This lets an attacker arrange the heap into a chosen state before triggering a bug, so that heap corruption vulnerabilities that were previously hard to exploit can be exploited with far greater reliability and precision.

Our talk is a defensive response to this technique. We begin with an overview of "in the wild" heap spray exploits and show how our exploit-detection module catches them, as well as other zero-day exploits. We then describe the analysis engine we built around this module and demonstrate it scanning and detecting a live website hosting an exploit for a heap corruption vulnerability.
The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.
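As an added example (not code from the talk, and not the authors' exploit-detection module), the JavaScript below simulates the string-allocation trace a page produces, builds the classic heap-spray shape that Heap Feng Shui style exploits rely on (many identical large blocks, each a long run of one sled unit ending in a short payload, here an inert placeholder rather than shellcode), and runs a heuristic detector over the trace next to a benign workload of similar size. The `AllocationTrace` hook, the `POLICY` thresholds, the `dominantUnitRatio` heuristic and the benign JSON-building workload are all constructed assumptions for illustration; the talk does not specify how its module works.

```javascript
// Added example, not code from the talk or from the authors' exploit-detection
// module. Simulates a page's string-allocation trace, the classic heap-spray
// allocation pattern, and a heuristic detector over that trace. All names,
// thresholds and sample workloads below are constructed assumptions.

// Stands in for a hook on the script engine's string allocator (assumption:
// a detector sits where it can observe every allocation the page makes).
class AllocationTrace {
  constructor() { this.records = []; }
  alloc(str) {
    this.records.push({ chars: str.length, bytes: str.length * 2, str }); // UTF-16
    return str;
  }
}

// Classic spray shape: many identical large blocks, each a long run of one
// sled unit followed by a short payload. The payload is an inert placeholder
// string, not shellcode; a real spray forces a fresh copy per array slot.
function buildSprayBlocks(trace, opts = {}) {
  const { blockChars = 0x8000, count = 32, sled = '\u0c0c',
          payload = 'PAYLOAD-PLACEHOLDER' } = opts;
  let sledRun = sled;
  while (sledRun.length < blockChars) sledRun += sledRun; // doubling, as sprays do
  const block = sledRun.slice(0, blockChars - payload.length) + payload;
  const blocks = [];
  for (let i = 0; i < count; i++) blocks.push(trace.alloc(block));
  return blocks;
}

// Benign workload of comparable size (constructed): a page serialising
// records into JSON text. Same number of large allocations, but no single
// repeated unit dominates any block.
function buildBenignBlocks(trace, count = 32, entries = 3000) {
  const blocks = [];
  for (let i = 0; i < count; i++) {
    let s = '[';
    for (let j = 0; j < entries; j++) s += `{"id":${i * entries + j},"name":"item${j}"},`;
    blocks.push(trace.alloc(s + ']'));
  }
  return blocks;
}

// Fraction of a string made up of its single most common 2-char unit.
// A sled repeated across a block pushes this close to 1.0.
function dominantUnitRatio(str) {
  const counts = new Map();
  let best = 0;
  for (let i = 0; i + 1 < str.length; i += 2) {
    const unit = str.slice(i, i + 2);
    const n = (counts.get(unit) || 0) + 1;
    counts.set(unit, n);
    if (n > best) best = n;
  }
  const units = Math.floor(str.length / 2);
  return units === 0 ? 0 : best / units;
}

// Constructed policy; real thresholds would be tuned against benign traffic.
const POLICY = {
  largeChars: 0x8000,   // 64 KiB of UTF-16 per string
  uniformRatio: 0.9,    // >= 90% of the block is one repeated unit
  minBlocks: 16,        // this many uniform large blocks in one trace
  minBytes: 1 << 20,    // together covering at least 1 MiB of heap
};

// Flags a trace when enough large, near-uniform blocks cover enough heap.
function analyzeTrace(trace, policy = POLICY) {
  const sprayBlocks = trace.records.filter(r =>
    r.chars >= policy.largeChars && dominantUnitRatio(r.str) >= policy.uniformRatio);
  const sprayBytes = sprayBlocks.reduce((sum, r) => sum + r.bytes, 0);
  const flagged = sprayBlocks.length >= policy.minBlocks && sprayBytes >= policy.minBytes;
  return { flagged, sprayBlocks: sprayBlocks.length, sprayBytes, allocations: trace.records.length };
}

// Stand-alone run: one sprayed trace, one benign trace.
if (typeof require !== 'undefined' && require.main === module) {
  const sprayed = new AllocationTrace();
  buildSprayBlocks(sprayed);
  console.log('spray :', analyzeTrace(sprayed));
  const benign = new AllocationTrace();
  buildBenignBlocks(benign);
  console.log('benign:', analyzeTrace(benign));
}
```

Run it with node: `analyzeTrace` reports `flagged: true` for the sprayed trace and `false` for the benign trace, even though both consist of 32 strings well above the size threshold, because the heuristic keys on per-block repetition and total sprayed volume rather than on allocation size alone. The caveat a practitioner would want: a detector that keys on one repeated unit is easy to evade by varying the sled per block or padding it with semantically equivalent junk, so such allocation heuristics should be combined with other signals (for example the corruption trigger that follows the spray) rather than used on their own.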