Dumb fuzzing yields poor results on browsers today. @berendjanwever's fuzzers understand the DOM and coordinate to find complex interactions
He's collected data on BugID FPs over the last year. Short time between UAF was a typical FP. FNs using BugID are very low.
tl;dr Uses WinDBG, Page Heap for UAF. Relies heavily on symbols. Call stack hash and bug type for id. No src req'd, easy to deploy.
Umm
@berendjanwever are you sure? Or do you just mean the normal PageHeap (not full)? B/c: https://msdn.microsoft.com/en-us/library/ms220938(v=vs.90).aspx
That structure seems to be gone after free. I think the info is available, just don't know where. Maybe the page is just not accessible?...
Need to see if that's true: I could then make it accessible and extract the info. If anybody knows, let me know.