A Look at Memory Disclosure Bugs presented at CyberThreat 2018

by Steve Sims,

Summary : Most security professionals are familiar with an effective exploit mitigation known as address space layout randomisation (ASLR). This control takes away an attacker's ability to rely on static addressing by randomising memory allocations, rebasing module load addresses, and randomising segments in memory, such as the stack and heap. If an attacker can discover and exploit an information disclosure bug, ASLR can be completely bypassed. Join Stephen as he walks through the exploitation of a modern browser-based memory disclosure bug.