[framework] Javascript Shellcode
Alexander Sotirov
asotirov at determina.com
Tue Feb 20 21:55:26 CST 2007
H D Moore wrote:
> Do whatever you can to see this talk, Alex's exploitation methods for
> client-side exploits are second to none (my heap-fill code is sloppy
> trash by comparison).
Hah, you should tell this to Dragos; I'm still waiting to find out if the talk
was accepted for CanSecWest.
The presentation is about a new technique for precise manipulation of the
browser heap layout using specific sequences of JavaScript allocations. I'll
release a JavaScript library with functions for setting up the heap in a
controlled state before triggering a heap corruption bug. This will allow the
exploitation of very difficult heap corruption vulnerabilities with great
reliability and precision.
Even if you can't make it to the conference, check out the paper afterwards; it
will be worth it.
Alex