Modern browsers participate in various exploit mitigations, often making it very difficult to exploit a discovered vulnerability. One of the most troublesome mitigations is Address Space Layout Randomization (ASLR). This control changes the layout of memory each time a process is started or the system is rebooted, removing the address predictability an attacker typically relies on. Memory leak bugs can give an attacker visibility into the memory of the affected process, rendering ASLR useless. Join Stephen for this advanced talk, where he'll demonstrate weaponizing a memory leak bug affecting Internet Explorer 11 or Edge. This will include a summary of the relevant bug class, triggering the bug, walking through it in a debugger, and finally weaponizing it to aid in exploitation of the browser.
Stephen Sims is the lead course author of our advanced penetration testing and exploit development courses, SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking and SEC760: Advanced Exploit Development for Penetration Testers.