OR’LYEH? The Shadow over Firefox (INFILTRATE 2015)
About two months ago (April 15th 2015) I visited Miami and presented at the INFILTRATE Security Conference a talk on Firefox heap exploitation, titled “OR’LYEH? The Shadow over Firefox”. The organization of the conference was flawless and the people I met there were amazing. A special thank you to the Immunity team for being great hosts and for their helpful feedback.
Project Heapbleed
I recently presented a talk on heap exploitation abstraction at two conferences, namely ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). The talk titled “Project Heapbleed”, collected the experience of exploiting allocators in various different target applications and platforms. The talk focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.
Project Heapbleed talks at ZeroNights 2014 and BalCCon 2014
CENSUS researcher Patroklos Argyroudis presented "Project Heapbleed" at the 2014 ZeroNights (Moscow, Russia) and BalCCon (Novi Sad, Serbia) conferences. The talks focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.
Heap Exploitation Abstraction by Example - OWASP AppSec Research 2012
This year’s OWASP AppSec Research conference took place in Athens, Greece and we were planning to be there as participants. However, the day before the conference, Konstantinos Papapanagiotou (General Chair) asked if we could do a presentation to replace a cancelled talk. Myself and Chariton Karamitas agreed to help and spend around three hours preparing a talk on heap exploitation abstraction, a subject dear to us.