Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer's Isolated Heap and MemoryProtection

by Brian Gorenc, Abdul-Aziz Hariri, Simon Zuckerbraun
Sept. 18, 2017 1 comment www.blackhat.com belen_caty

This talk covers the evolution of the Isolated Heap and MemoryProtection mitigations, examines how they operate, and studies their weaknesses. It outlines techniques and steps an attacker must take to attack these mitigations to gain code execution on use-after-free vulnerabilities where possible. It describes how an attacker can use MemoryProtection as an oracle to determine the address at which a module will be loaded to bypass ASLR. Finally, additional recommended defenses are laid out to further harden Internet Explorer from these new attack vectors.

https://www.blackhat.com/us-15/briefings.html#abusing-silent-mitigations-understanding-weaknesses...

Steven Ulm 2 months, 4 weeks ago

I like the way Brian explains the Isolated Heap and MemoryProtection mitigations but I do believe that the article could be slightly better researched. Thank you for sharing it with us though!
