About two months ago (April 15th 2015) I visited Miami and presented at the
INFILTRATE Security Conference
a talk on Firefox heap exploitation, titled “OR’LYEH? The Shadow over Firefox”. The organization of the conference was flawless and the people I met there were amazing. A special thank you to the Immunity team for being great hosts and for their helpful feedback.
In the talk I expanded upon and updated previous work I have done on Firefox/jemalloc heap exploitation, taking into account Firefox’s new GC implementation. Also, I introduced a major upgrade of the “unmask_jemalloc” Firefox heap exploration utility with new features, and support for Windows (and the WinDbg debugger). The new version of unmask_jemalloc, named “shadow”, is available on GitHub.
You can find the public version of my slide deck here. If you have attended INFILTRATE 2015, mail me to request the full version of the slides and the version of the shadow utility I demonstrated at the conference.
In case you missed my talk at INFILTRATE you have another chance to catch it at Summercon on July 18th at NYC. I hope to see you there.