Monday, July 25, 2011

Weapons of Targeted Attack: Modern Document Exploit Techniques


Nanika and I will be speaking at Blackhat USA 2011 next week. The presentation will disclose many new document exploit techniques, including our new Flash JIT spraying approach.

Our Flash JIT spraying technique could defeat memory protections, even when EMET has been adopted and all of its functions are enabled!

Here are two demonstration videos.
(1) MS11-050 with NEW Flash JIT Spraying (IE)


(2) CVE-2010-3333 with NEW Flash JIT Spraying (Office 2010)


Beyond JIT spraying, we will also introduce our Flash AVM fuzzing technique, new tricks to bypass sandbox protection, and new ways to defeat HIPS protection.

See you in Vegas; you are welcome to come see us and talk to us.