Ben Livshits and Ben Zorn talk about
Nozzle, a new tool to detect heap spraying attacks, a new security attack that significantly increases the exploitability of existing memory corruption errors in type unsafe applications.
Ben^2 give us a quick course on the basics of heap spraying attacks and a demo of Nozzle in action. Nozzle is a runtime monitoring tool that watches the 'health' of your browser and detects attempts of heap spraying attacks.
- Nozzle: http://research.microsoft.com/nozzle
- Nozzle Tech Report: http://research.microsoft.com/pubs/76528/tr-2008-176.pdf
The Research in Software Engineering team (RiSE) coordinates Microsoft's research in Software Engineering in Redmond, USA.