Attacking the WebKit Heap
WebKit provides the backbone for an increasing number of web browsers, including Safari, Chrome and the Android browser. In these browsers it is coupled with the TCMalloc allocator, which manages dynamic memory allocation. Because this combination is so common, an understanding of WebKit heap manipulation techniques and of TCMalloc's heap management algorithms and data structures is very useful for reliable exploit development. In this talk we explain the TCMalloc allocator from the point of view of heap manipulation and exploitation.
As is often the case with custom heap allocators, TCMalloc's protections against metadata corruption are far weaker than (or entirely absent compared with) those offered by the core Windows, Linux or OS X allocators.
Finally, in an exercise in exploit-development necromancy, we plunder TCMalloc and resurrect some of your favourite exploitation strategies from allocators past.
About Agustin Gianni
Agustin is a security researcher at Immunity. His primary interests are systems programming, reverse engineering and exploit development. Before joining Immunity, Agustin was an independent researcher and developed tools related to network security and reverse engineering.