ISSA Journal: Heap Sprays to Sandbox Escapes
I’m pleased to post my article that got published in the January 2013 release of the International ISSA journal. The title of the article is “Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation”. Given that this is a very broad (and hot) topic, I’ve primarily focused on the following areas:
– The evolution of exploitation techniques on client applications.
– The emergence of anti-exploitation technologies like memory protection to ‘break’ exploits.
– The evolution of known exploit vectors that ‘break’ memory protection schemes.
– Some well-known evasion techniques to bypass standard detection techniques on client machines.
As the article states, I’ve taken examples of exploit vectors leveraging browsers – but most of these exploitation techniques are applicable to most other widely exploited client applications.
Hope you enjoy it!