Understanding The Heap By Breaking It: A Case Study Of The Heap As A Persistent Data Structure Through Non-Traditional Exploitation Techniques presented at Blackhat USA 2007

by Justin Ferguson

Tags: Security Exploitation

Summary: Traditional exploitation techniques of overwriting heap metadata have been discussed ad nauseam; however, due to this common perspective, the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in multiple open-source Simple and Protected Generic Security Services API Negotiation (SPNEGO) modules, with the talk focusing on the implementation provided by mod_auth_kerb, an Apache Kerberos authentication module, as a method for exploring heap structure exploitation and hopefully providing a gateway to understanding the true beauty of data structure exploitation.