Windows 8 developer preview was released in September 2011. While many focused on the Metro UI of the operating system, we decided to investigate the memory manager. Although generic heap exploitation has been dead for quite some time, intricate knowledge of both the application and underlying operating system's memory manager have continued to prove that reliable heap exploitation is still achievable. This presentation will focus on the transition of heap exploitation mitigations from Windows 7 to Windows 8 (Consumer Preview) from both a user-land and kernel-land perspective. We will be examining the inner workings of the Windows memory manager for allocations, de-allocations and all additional heap-related security features implemented in Windows 8. Also, additional tips and tricks will be covered providing the attendees the proper knowledge to achieve the highest possible levels of heap determinism.
Chris Valasek is a Senior Security Researcher at Coverity. As part of the security research team in the Office of the CTO, Valasek is focused on reverse engineering and researching new and existing security vulnerabilities; building this knowledge into the Coverity technology portfolio and share it broadly across the development community. Prior to Coverity, Valasek was a Senior Research Scientist at Accuvant LABS and IBM Internet Security Systems. Valasek's research focus spans areas such as vulnerability discovery, exploitation techniques, and reverse engineering, contributing public disclosures and authoring research on these topics to the broader security community. While Valasek is best known for his publications regarding the Microsoft Windows Heap, his research has broken new ground in areas such as vulnerability discovery, exploitation techniques, reverse engineering, source code and binary auditing, and protocol analysis. Valasek has presented his research at major international security conferences including Black Hat USA and Europe, ekoparty, INFILTRATE, and RSA, and is the chairman of SummerCon, the nation's oldest hacker convention.
Tarjei Mandt is a senior vulnerability researcher at Azimuth Security. He holds a Master's degree in Information Security and has previously spoken at security conferences such as Black Hat USA, INFILTRATE, SyScan, H2HC, and Hackito Ergo Sum. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Recently, he has done extensive research on modern kernel pool exploitation and discovered several vulnerabilities in Windows kernel components.