I’m pleased to post my article that was published in the January 2013 release of the International ISSA journal. The title of the article is “Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation”. Given that this is a very broad (and hot) topic, I’ve primarily focused on the following areas:
– The evolution of exploitation techniques on client applications.
– The emergence of anti-exploitation technologies like memory protection to ‘break’ exploits.
– The evolution of known exploit vectors that ‘break’ memory protection schemes.
– Some well-known evasion techniques to bypass standard detection techniques on client machines.
As the article states, I’ve taken examples of exploit vectors leveraging browsers – but most of these exploitation techniques are applicable to most other widely exploited client applications.
Hope you enjoy it!