ISSA Journal: Heap Sprays to Sandbox Escapes

Author: No Comments Share:

I’m pleased to post my article that got published in the January 2013 release of the International ISSA journal. The title of the article is “Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation”. Given, this is a very broad (and hot) topic, I’ve primarily focused on the following areas:

– The evolution of exploitation techniques on client applications.

– The emergence of anti-exploitation technologies like memory protection to ‘break’ exploits.

– The evolution of known exploit vectors that ‘break’ memory protection schemes.

– Some well known evasion  techniques to bypass standard detection techniques on client machines.

As the article states, I’ve taken examples of exploit vectors leveraging browsers – but most of these exploitation techniques are applicable for most other widely exploited client applications.

Hope you enjoy it!

Previous Article

The Friction Affliction

Next Article

Why Oracle/Java Bashing Won’t Help

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *