exploitation, especially with regards to heap spraying. The underlying knowledge of JavaScript string allocations were widely understood from Internet Explorer 6 through 7. However, while heap spray attacks adapted to changes in Internet Explorer 8‐9, public foundational knowledge did not keep pace. This presentation will discuss a brief history of string allocations from Internet Explorer 6 to Internet Explorer 8 then explore current memory management methods for Internet Explorer 9. The presentation will conclude with a look at how newly acquired knowledge can be useful for browser exploitation.