Packt+ | Advance your knowledge in tech

You're reading from Hands-On Penetration Testing on Windows Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis

Product type Paperback

Published in Jul 2018

Publisher Packt

ISBN-13 9781788295666

Length 452 pages

Edition 1st Edition

Languages

PowerShell

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Phil Bramwell

View More author details

Table of Contents (19) Chapters

1. Bypassing Network Access Control FREE CHAPTER

2. Sniffing and Spoofing

3. Windows Passwords on the Network

4. Advanced Network Attacks

5. Cryptography and the Penetration Tester

6. Advanced Exploitation with Metasploit

7. Stack and Heap Memory Management

8. Windows Kernel Security

9. Weaponizing Python

10. Windows Shellcoding

11. Bypassing Protections with ROP

12. Fuzzing Techniques

13. Going Beyond the Foothold

14. Taking PowerShell to the Next Level

15. Escalating Privileges

16. Maintaining Access

17. Tips and Tricks

18. Assessment

19. Other Books You May Enjoy

Leave a review - let other readers know what you think

Taking out the guesswork – heap spraying

In Chapter 7, Stack and Heap: Memory Management, we had some fun with buffer overflows. In a nutshell, the concept is pretty simple: we try to stuff too much data into a container of a fixed size, which causes some data to spill out, hopefully overwriting the information that tells the processor what to execute next. We demonstrated this from the perspective of the stack. Now, we'll take a look at the exact same concept, but from the opposite end of memory space: the heap. We're about to discover that the heap is a whole different ballgame, so it will take some innovative thinking to make this work for us. Enter heap spraying, a technique that transforms a tiny target into a large one and thus increases our chances of a bullseye. Before we dive into what is one of my favorite attacks, we need a quick review of what the heap is.