Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Introduction to Heap Overflow
22 views
Skip to first unread message
Olivier Bilodeau
Jun 13, 2017, 4:11:55 PM6/13/17
to montrehack
English below
La prochaine édition de Montréhack aura lieu le 19 juin.
Introduction à l’exploitation sur le tas (heap)
Une introduction à l’exploitation de débordement de tampon qui sont stockés sur le tas (buffer overflows affecting the heap ;) ). Le fonctionnement de malloc et de free sera expliqué ainsi qu’une technique classique d’exploitation dlmalloc unlink. Les participants seront en mesure de mettre leurs talents à l’épreuve contre beatmeonthedl, un défi de Defcon Quals 2017.
Outils et expérience requis
- un Linux 64-bit (ou une VM)
- Debugger / Disassembler (j’utilise radare2 mais gdb, IDA, hopper ou autre)
- Connaissance de base en assembleur 64-bit recommandé
- Python avec pwntools (optional)
- un Linux 64-bit (ou une VM)
- Debugger / Disassembler (j’utilise radare2 mais gdb, IDA, hopper ou autre)
- Connaissance de base en assembleur 64-bit recommandé
- Python avec pwntools (optional)
Où
ESET
473 Ste-Catherine Ouest, Suite 300, Montréal, QC H3B 1B1, Canada
L’entrée est sur le côté, près de l’église.
ESET
473 Ste-Catherine Ouest, Suite 300, Montréal, QC H3B 1B1, Canada
L’entrée est sur le côté, près de l’église.
Quand
Lundi le 19 juin de 18h à 21h (suivi de bières au Bénélux)
Lundi le 19 juin de 18h à 21h (suivi de bières au Bénélux)
Remerciements
Next edition: June 19th 2017
The next edition of Montrehack will be held on Monday June 19th 2017
Introduction to Heap Exploitation
An introduction to how hackers can exploit overflows of buffers that are stored on the heap to achieve their evil deeds. The workings of malloc and free will be explained as well as the old-fashioned dlmalloc unlink exploitation technique. Participants will be able to put their skills to the test against beatmeonthedl, a challenge from defcon quals 2017.
Tools and Experience Required
- a Linux 64-bit system (or VM)
- Debugger / Disassembler (I use radare2 but gdb, IDA, hopper and others are fine too)
- At least a basic knowledge of 64-bit assembly is recommended
- Python with pwntools (recommended but optional).
Where
ESET
473 Ste-Catherine Ouest, Suite 300, Montréal, QC H3B 1B1, Canada
The entrance is on the side of the building, close to the church.
ESET
473 Ste-Catherine Ouest, Suite 300, Montréal, QC H3B 1B1, Canada
The entrance is on the side of the building, close to the church.
When
Monday June 19th from 6pm to 9pm (followed by drinks at Bénélux)
Monday June 19th from 6pm to 9pm (followed by drinks at Bénélux)
See you next Monday! With your Recon-con-flu ;)
Olivier Bilodeau
Jun 19, 2017, 11:03:15 AM6/19/17
to montrehack
Reminder: the event is tonight!
Rappel: MontréHack est ce soir!
arteau....@gmail.com
Jun 20, 2017, 1:34:32 PM6/20/17
to MontréHack
I cleaned up a bit the solution I had yesterday. It's a bit different from the presented solution since it works even with ASLR and DEP. You can find it here : https://gist.github.com/HoLyVieR/2d8566cbd500cc738cb20461751bec8e
Olivier Bilodeau
Jun 20, 2017, 1:41:22 PM6/20/17
to arteau....@gmail.com, MontréHack
That's a really neat sploit! (read in French in your head: esploie)
Thanks for sharing!
Reply all
Reply to author
Forward
0 new messages