heap spraying
kuhjapritsimine
olemus
liik ründeid, kasutades ära rakenduse mälukasutuse vigu
sunnib rakendust eraldama mälu
rohketele kahjurkoodi sisaldavatele objektidele
ning aitab realiseerida eksploiti, mis
viib täitmisvoo kahjuroodile kuhjas;
eeldab kuhja asukoha teadmist protsessi aadressiruumis,
on eriti toimiv brauseritel
=
a method of exploits that involves writing a malicious sequence of bytes at various uniformly distributed places of a heap
ülevaateid
https://www.computerhope.com/jargon/h/heap-spraying.htm
https://www.youtube.com/watch?v=Ec4UEtO7dPI
https://en.wikipedia.org/wiki/Heap_spraying
https://www.owasp.org/images/0/01/OWASL_IL_2010_Jan_-_Moshe_Ben_Abu_-_Advanced_Heapspray.pdf
https://www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/bh-eu-07-sotirov-apr19.pdf
tõrje
https://media.blackhat.com/bh-us-11/LeMasters/BH_US_11_LeMasters_Heap_Inspector_WP.pdf
https://www.usenix.org/legacy/event/sec09/tech/full_papers/ratanaworabhan.pdf