exploitation, especially with regard to heap spraying. The underlying knowledge of JavaScript string allocations was widely understood from Internet Explorer 6 through 7. However, while heap spray attacks adapted to changes in Internet Explorer 8-9, public foundational knowledge did not keep pace. This presentation will discuss a brief history of string allocations from Internet Explorer 6 to Internet Explorer 8, then explore current memory management methods for Internet Explorer 9. The presentation will conclude with a look at how newly acquired knowledge can be useful for browser exploitation.
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in attack methodologies, reverse engineering, and exploitation techniques. While widely regarded for his research on Windows heap exploitation, he also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.