Exploits and vulnerabilities. [Research Saturday]
CyberWire Daily
00:00
Manipulating the Heap for Remote Code Execution
In this chapter, they discuss the process of manipulating the heap to achieve remote code execution. They explain the determinism in controlling the data and layout of the heap, highlighting the goal of overwriting a function pointer in the SSL structure for ultimate control. They also cover the steps taken to exploit the SSL structure in Fortinet and the workaround implemented for the non-executable heap.
Play episode from 03:50
Transcript
