Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer's Isolated Heap and MemoryProtection

by Brian Gorenc, Abdul-Aziz Hariri, Simon Zuckerbraun Sept. 18, 2017 via www.blackhat.com submitted by belen_caty

This talk covers the evolution of the Isolated Heap and MemoryProtection mitigations, examines how they operate, and studies their weaknesses. It outlines techniques and steps an attacker must take to attack these mitigations to gain code execution on use-after-free vulnerabilities where possible. It describes how an attacker can use MemoryProtection as an oracle to determine the address at which a module will be loaded to bypass ASLR. Finally, additional recommended defenses are laid out to further harden Internet Explorer from these new attack vectors.

https://www.blackhat.com/us-15/briefings.html#abusing-silent-mitigations-understanding-weaknesses...

Steven Ulm 1 month ago

I like the way Brian explains the Isolated Heap and MemoryProtection mitigations but I do believe that the article could be slightly better researched. Thank you for sharing it with us though!