{"id":477439,"date":"2023-08-09T09:14:50","date_gmt":"2023-08-09T09:14:50","guid":{"rendered":""},"modified":"2023-09-05T11:14:42","modified_gmt":"2023-09-05T11:14:42","slug":"heap-spraying","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/heap-spraying\/","title":{"rendered":"\ud799 \uc2a4\ud504\ub808\uc774"},"content":{"rendered":"<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 \ucef4\ud4e8\ud130 \uc774\uc6a9 \ubd84\uc57c\uc5d0\uc11c \ub110\ub9ac \uc0ac\uc6a9\ub418\ub294 \uae30\uc220\uc785\ub2c8\ub2e4. \uc774\ub294 \uc8fc\ub85c \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\uc640 \uac19\uc740 \ucde8\uc57d\uc810\uc774 \uc545\uc6a9\ub420 \ub54c \uc784\uc758 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud560 \uac00\ub2a5\uc131\uc744 \ub192\uc774\uae30 \uc704\ud574 \ud504\ub85c\uc138\uc2a4\uc758 \ud799 \uba54\ubaa8\ub9ac \uc601\uc5ed\uc744 \uc258\ucf54\ub4dc\ub85c \ub118\uce58\uac8c \ud558\ub294 \uac83\uacfc \uad00\ub828\ub429\ub2c8\ub2e4.<\/p>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774\uc758 \uc5ed\uc0ac\uc640 \uccab \ubc88\uc9f8 \uc5b8\uae09<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 2000\ub144\ub300 \ucd08\ubc18 Matt Conover\uc640 Oded Horovitz\uac00 \uc791\uc131\ud55c &quot;\ud799 \uc2a4\ud504\ub808\uc774: \uc77c\ubc18\uc801\uc778 \ubcf4\uc548 \uc870\uce58\uc5d0 \ub300\uc751\ud558\ub294 \uae30\uc220&quot;\uc774\ub77c\ub294 \ubcf4\uc548 \ubb38\uc11c\uc5d0\uc11c \ucc98\uc74c\uc73c\ub85c \ub300\uc911\uc758 \uad00\uc2ec\uc744 \ub04c\uc5c8\uc2b5\ub2c8\ub2e4. \uc2e4\ud589 \uc911\uc778 \ud504\ub85c\uc138\uc2a4\uc758 \uc8fc\uc18c \uacf5\uac04\uc744 \ubb34\uc791\uc704\ub85c \uc9c0\uc815\ud558\ub3c4\ub85d \uc124\uacc4\ub41c \ubcf4\uc548 \uba54\ucee4\ub2c8\uc998\uc758 \uad6c\ud604\uc774 \uc99d\uac00\ud558\uba74\uc11c \uc2dc\uc791\ub418\uc5c8\uc73c\uba70, \uc774\uc5d0 \ub530\ub77c \uacf5\uaca9\uc790\uac00 \uba54\ubaa8\ub9ac\uc5d0\uc11c \uc258\ucf54\ub4dc\uac00 \uc5b4\ub514\uc5d0 \uc704\uce58\ud560\uc9c0 \uc608\uce21\ud558\uae30\uac00 \ub354 \uc5b4\ub824\uc6cc\uc84c\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>\uc8fc\uc81c \ud655\uc7a5: \ud799 \uc2a4\ud504\ub808\uc774<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 \uc8fc\ub85c \uba54\ubaa8\ub9ac \uc190\uc0c1 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\ub294 \ub370 \uc0ac\uc6a9\ub429\ub2c8\ub2e4. \uadf8 \ubaa9\uc801\uc740 \uacf5\uaca9\uc790\uc758 \uc258\ucf54\ub4dc\uac00 \ud504\ub85c\uc138\uc2a4\uc758 \ud070 \ubd80\ubd84\uc5d0 \ubd84\uc0b0\ub418\ub294 \ubc29\uc2dd\uc73c\ub85c \ud504\ub85c\uc138\uc2a4\uc758 \ud799\uc744 \uc870\uc791\ud558\ub294 \uac83\uc785\ub2c8\ub2e4. \uc774\ub294 \ud799 \ub0b4\uc5d0 \uc6d0\ud558\ub294 \uc258\ucf54\ub4dc\uc758 \ubcf5\uc0ac\ubcf8\uc744 \ud3ec\ud568\ud558\ub294 \uc5ec\ub7ec \uac1c\uccb4\ub098 \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud558\uc5ec \uc218\ud589\ub429\ub2c8\ub2e4.<\/p>\n<p>\uc774 \uae30\uc220\uc740 \uc784\uc758 \ucf54\ub4dc \uc2e4\ud589\uc744 \ud5c8\uc6a9\ud558\ub294 \ub2e4\ub978 \uacf5\uaca9\uacfc \ud568\uaed8 \uc0ac\uc6a9\ub418\ub294 \uacbd\uc6b0\uac00 \ub9ce\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uc774\ub7ec\ud55c \uc775\uc2a4\ud50c\ub85c\uc787\uc758 \ubb38\uc81c\ub294 \uc2e4\ud589\ub420 \ucf54\ub4dc\uc758 \uc815\ud655\ud55c \uba54\ubaa8\ub9ac \uc704\uce58\uc5d0 \ub300\ud55c \uc9c0\uc2dd\uc774 \ud544\uc694\ud55c \uacbd\uc6b0\uac00 \ub9ce\uc73c\uba70, \ub2e4\uc591\ud55c \ubcf4\uc548 \uc870\uce58\ub85c \uc778\ud574 \uc774\ub97c \ud655\uc778\ud558\uae30 \uc5b4\ub824\uc6b8 \uc218 \uc788\ub2e4\ub294 \uac83\uc785\ub2c8\ub2e4. \ud799 \uc2a4\ud504\ub808\uc774\ub294 \ud544\uc694\ud55c \uc258\ucf54\ub4dc\ub85c \ud799\uc758 \uc0c1\ub2f9 \ubd80\ubd84\uc744 \ucc44\uc6cc\uc11c \ucf54\ub4dc \uc2e4\ud589\uc744 \ud2b8\ub9ac\uac70\ud558\ub294 \uacf5\uaca9 \uac00\ub2a5\uc131\uc744 \ud1b5\uacc4\uc801\uc73c\ub85c \uc99d\uac00\uc2dc\ucf1c \uc774 \ubb38\uc81c\ub97c \ud574\uacb0\ud569\ub2c8\ub2e4.<\/p>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774\uc758 \ub0b4\ubd80 \uad6c\uc870<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774 \uae30\ub2a5\uc740 \ub450 \ub2e8\uacc4 \ud504\ub85c\uc138\uc2a4\ub97c \ud1b5\ud574 \uc218\ud589\ub429\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\uc2a4\ud504\ub808\uc774<\/strong>: \ud799 \uba54\ubaa8\ub9ac\ub294 \uc6d0\ud558\ub294 \uc258\ucf54\ub4dc\uc758 \uc5ec\ub7ec \uc778\uc2a4\ud134\uc2a4\ub85c \ucc44\uc6cc\uc9d1\ub2c8\ub2e4. \uc774\ub294 \uc258\ucf54\ub4dc\ub97c \uc6b4\ubc18\ud558\ub294 \uac1c\uccb4\ub098 \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131\ud558\uc5ec \uc218\ud589\ub418\uba70, \uc774 \uac1c\uccb4\ub294 \ud799\uc758 \ub2e4\ub978 \uba54\ubaa8\ub9ac \uc8fc\uc18c\uc5d0 \ud560\ub2f9\ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\ubc29\uc544\uc1e0<\/strong>: \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\uc5ec \uc784\uc758\uc758 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4. \uba54\ubaa8\ub9ac\uac00 \uc258\ucf54\ub4dc\uc758 \uc778\uc2a4\ud134\uc2a4\ub85c \uac00\ub4dd \ucc28 \uc788\uae30 \ub54c\ubb38\uc5d0 \uc2e4\ud589\ub41c \ucf54\ub4dc\uac00 \uacf5\uaca9\uc790\uc758 \uc258\ucf54\ub4dc\uc77c \uac00\ub2a5\uc131\uc774 \uc0c1\ub2f9\ud788 \ub192\uc544\uc9c4\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774\uc758 \uc8fc\uc694 \ud2b9\uc9d5<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\uc758 \uc8fc\uc694 \uae30\ub2a5\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\uc774\ub294 \ub300\uccb4\ub85c \ud398\uc774\ub85c\ub4dc\uc5d0 \uad6c\uc560\ubc1b\uc9c0 \uc54a\uc73c\uba70, \uc774\ub294 \uc0ac\uc2e4\uc0c1 \ubaa8\ub4e0 \uc885\ub958\uc758 \uc258\ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\ub294 \ub370 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc74c\uc744 \uc758\ubbf8\ud569\ub2c8\ub2e4.<\/li>\n<li>\ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud560 \ub54c \uc131\uacf5\uc801\uc778 \ucf54\ub4dc \uc2e4\ud589 \ud655\ub960\uc774 \ud06c\uac8c \ub192\uc544\uc9d1\ub2c8\ub2e4.<\/li>\n<li>\uc815\ud655\ud55c \uba54\ubaa8\ub9ac \uc8fc\uc18c\uc5d0 \ub300\ud55c \uc9c0\uc2dd\uc744 \uc694\uad6c\ud558\uc9c0 \uc54a\uc74c\uc73c\ub85c\uc368 ASLR(\uc8fc\uc18c \uacf5\uac04 \ub808\uc774\uc544\uc6c3 \ubb34\uc791\uc704\ud654)\uacfc \uac19\uc740 \ud2b9\uc815 \ubcf4\uc548 \uc870\uce58\ub97c \uc6b0\ud68c\ud569\ub2c8\ub2e4.<\/li>\n<\/ul>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774 \uc720\ud615<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\uc5d0\ub294 \uc5ec\ub7ec \uac00\uc9c0 \ubcc0\ud615\uc774 \uc788\uc73c\uba70, \uac01\uac01\uc740 \ud799\uc744 \uc2a4\ud504\ub808\uc774\ud558\ub294 \ub370 \uc0ac\uc6a9\ub418\ub294 \ubc29\ubc95\uc5d0 \ub530\ub77c \ub2e4\ub985\ub2c8\ub2e4. \ub2e4\uc74c\uc740 \uba87 \uac00\uc9c0 \uc720\ud615\uc785\ub2c8\ub2e4.<\/p>\n<table>\n<thead>\n<tr>\n<th>\ud799 \uc2a4\ud504\ub808\uc774 \uc720\ud615<\/th>\n<th>\uc124\uba85<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>\ud074\ub798\uc2dd \ud799 \uc2a4\ud504\ub808\uc774<\/strong><\/td>\n<td>\uac01 \ube14\ub85d\uc5d0\ub294 \uc258\ucf54\ub4dc\uac00 \ud3ec\ud568\ub41c \uba54\ubaa8\ub9ac \ube14\ub85d\uc774 \ubc18\ubcf5\uc801\uc73c\ub85c \ud560\ub2f9\ub429\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td><strong>\uc21c\ucc28\uc801 \ud799 \uc2a4\ud504\ub808\uc774<\/strong><\/td>\n<td>\ud070 \uba54\ubaa8\ub9ac \ube14\ub85d\uc744 \ud560\ub2f9\ud558\uace0 \uc774\ub97c \uc258\ucf54\ub4dc\ub85c \ucc44\uc6c1\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td><strong>NOP \uc2ac\ub808\ub4dc \ud799 \uc2a4\ud504\ub808\uc774<\/strong><\/td>\n<td>\uc131\uacf5\ub960\uc744 \ub192\uc774\uae30 \uc704\ud574 \uc258\ucf54\ub4dc \uc55e\uc5d0 NOP-sled(\uc5f0\uc18d\uc801\uc778 \ubb34\uc791\ub3d9 \uba85\ub839)\ub97c \uc0ac\uc6a9\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774 \uc0ac\uc6a9 \ubc29\ubc95, \ubb38\uc81c \ubc0f \ud574\uacb0 \ubc29\ubc95<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 \uc8fc\ub85c \ubcf4\uc548 \uc545\uc6a9, \ud2b9\ud788 \uba54\ubaa8\ub9ac \uc190\uc0c1 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\ub294 \uacbd\uc6b0\uc5d0 \uc0ac\uc6a9\ub429\ub2c8\ub2e4. \ud2b9\ud788 \uc784\uc758 \ucf54\ub4dc \uc2e4\ud589\uc744 \ud5c8\uc6a9\ud558\ub294 \ucde8\uc57d\uc810\uacfc \ud568\uaed8 \uc0ac\uc6a9\ud558\uba74 \uac15\ub825\ud55c \uae30\uc220\uc785\ub2c8\ub2e4.<\/p>\n<p>\uadf8\ub7ec\ub098 \ud799 \uc2a4\ud504\ub808\uc774\ub97c \uc0ac\uc6a9\ud558\ub294 \ub370 \uc5b4\ub824\uc6c0\uc774 \uc5c6\ub294 \uac83\uc740 \uc544\ub2d9\ub2c8\ub2e4. \ud55c \uac00\uc9c0 \ubb38\uc81c\ub294 \ud799 \ud06c\uae30\uac00 \uc99d\uac00\ud568\uc5d0 \ub530\ub77c \uae30\uc220\uc744 \ub354 \uc27d\uac8c \uac10\uc9c0\ud560 \uc218 \uc788\ub2e4\ub294 \uac83\uc785\ub2c8\ub2e4. \ub610 \ub2e4\ub978 \uacfc\uc81c\ub294 ASLR \ubc0f DEP(\ub370\uc774\ud130 \uc2e4\ud589 \ubc29\uc9c0)\uc640 \uac19\uc740 \uc545\uc6a9 \uc644\ud654 \uae30\uc220\uc758 \uad6c\ud604\uc774 \ub298\uc5b4\ub098\ub294 \uac83\uc785\ub2c8\ub2e4. \uc774\ub85c \uc778\ud574 \ud799\uc5d0\uc11c \uc178\ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\ub294 \uac83\uc774 \ub354 \uc5b4\ub824\uc6cc\uc9d1\ub2c8\ub2e4.<\/p>\n<p>\uc774\ub7ec\ud55c \ubb38\uc81c\ub97c \uadf9\ubcf5\ud558\uae30 \uc704\ud574 \uacf5\uaca9\uc790\ub294 JIT \uc2a4\ud504\ub808\uc774\uc640 \uac19\uc740 \ubcf4\ub2e4 \uc815\uad50\ud55c \ud799 \uc2a4\ud504\ub808\uc774 \ubc29\ubc95\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. JIT \uc2a4\ud504\ub808\uc774\ub294 JIT(Just-In-Time) \ucef4\ud30c\uc77c\ub7ec\ub97c \ud65c\uc6a9\ud558\uc5ec \ud799\uc744 \uc2e4\ud589 \uac00\ub2a5\ud558\uac8c \ub9cc\ub4ed\ub2c8\ub2e4. \ubc18\uba74\uc5d0 \ubcf4\uc548 \uc2e4\ubb34\uc790\ub294 \uc0c8\ub85c\uc6b4 \uc644\ud654 \uae30\uc220\uc744 \uc9c0\uc18d\uc801\uc73c\ub85c \uac1c\uc120\ud558\uace0 \uac1c\ubc1c\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<h2>\uc8fc\uc694 \ud2b9\uc9d5 \ubc0f \uc720\uc0ac \uc6a9\uc5b4\uc640\uc758 \ube44\uad50<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 \uc885\uc885 \uc2a4\ud0dd \uc2a4\ub9e4\uc2f1 \ubc0f ROP(\ubc18\ud658 \uc9c0\ud5a5 \ud504\ub85c\uadf8\ub798\ubc0d)\uc640 \uac19\uc740 \uc720\uc0ac\ud55c \uacf5\uaca9 \uae30\uc220\uacfc \ube44\uad50 \ubc0f \ub300\uc870\ub429\ub2c8\ub2e4.<\/p>\n<table>\n<thead>\n<tr>\n<th>\uae30\uc220<\/th>\n<th>\uc124\uba85<\/th>\n<th>\ud799 \uc2a4\ud504\ub808\uc774\uc640\uc758 \uc720\uc0ac\uc810\/\ucc28\uc774\uc810<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>\uc2a4\ud0dd \uc2a4\ub9e4\uc2f1<\/strong><\/td>\n<td>\ud504\ub85c\uadf8\ub7a8 \uc2e4\ud589\uc744 \ubcc0\uacbd\ud558\uae30 \uc704\ud574 \uc2a4\ud0dd\uc744 \uc190\uc0c1\uc2dc\ud0a4\ub294 \uac83\uacfc \uad00\ub828\ub429\ub2c8\ub2e4.<\/td>\n<td>\ud799 \uc2a4\ud504\ub808\uc774\uc640 \ub2ec\ub9ac \uc2a4\ud0dd \uc2a4\ub9e4\uc2f1\uc5d0\ub294 \uc815\ud655\ud55c \uba54\ubaa8\ub9ac \ub808\uc774\uc544\uc6c3\uc5d0 \ub300\ud55c \uc9c0\uc2dd\uc774 \ud544\uc694\ud569\ub2c8\ub2e4.<\/td>\n<\/tr>\n<tr>\n<td><strong>\ubcf5\uadc0 \uc9c0\ud5a5 \ud504\ub85c\uadf8\ub798\ubc0d(ROP)<\/strong><\/td>\n<td>\uae30\uc874 \ucf54\ub4dc \uc870\uac01(\uac00\uc82f)\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc545\uc758\uc801\uc778 \uc791\uc5c5\uc744 \uc218\ud589\ud569\ub2c8\ub2e4.<\/td>\n<td>\ud799 \uc2a4\ud504\ub808\uc774\uc640 \ub9c8\ucc2c\uac00\uc9c0\ub85c ROP\ub294 DEP\ub97c \uc6b0\ud68c\ud560 \uc218 \uc788\uc9c0\ub9cc \uc258\ucf54\ub4dc\ub85c \uba54\ubaa8\ub9ac\ub97c \ucc44\uc6b8 \ud544\uc694\ub294 \uc5c6\uc2b5\ub2c8\ub2e4.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>\ud799 \uc2a4\ud504\ub808\uc774 \uad00\ub828 \ubbf8\ub798 \uc804\ub9dd\uacfc \uae30\uc220<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774\ub294 \uc5ec\uc804\ud788 \uc704\ud611\uc774\uc9c0\ub9cc \ubbf8\ub798\uc5d0\ub294 \ubcf4\ub2e4 \ud6a8\uacfc\uc801\uc778 \uc644\ud654 \uc804\ub7b5\uc774 \ud544\uc694\ud569\ub2c8\ub2e4. CFI(\uc81c\uc5b4 \ud750\ub984 \ubb34\uacb0\uc131) \ubc0f \ud5a5\uc0c1\ub41c ASLR\uacfc \uac19\uc740 \uae30\uc220\ub85c \uc778\ud574 \ucde8\uc57d\uc810 \uc545\uc6a9\uc774 \ub354\uc6b1 \uc5b4\ub824\uc6cc\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ub610\ud55c \uae30\uacc4 \ud559\uc2b5 \ubc0f AI \uc54c\uace0\ub9ac\uc998\uc744 \uc0ac\uc6a9\ud558\uc5ec \ud799\uc758 \ube44\uc815\uc0c1\uc801\uc778 \ub3d9\uc791\uc744 \ub354 \uc798 \uac10\uc9c0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ubc18\uba74, \uae30\uc220\uc774 \ubc1c\uc804\ud568\uc5d0 \ub530\ub77c \uacf5\uaca9\uc790\ub294 JIT \uc2a4\ud504\ub808\uc774 \ubc0f Use-After-Free \ucde8\uc57d\uc810\uacfc \uac19\uc740 \ubcf4\ub2e4 \uc815\uad50\ud55c \uae30\uc220\uc5d0 \uc758\uc874\ud560 \uc218 \uc788\uc73c\uba70 \uc774\ub294 \uace0\uc720\ud55c \ubb38\uc81c\ub97c \uc57c\uae30\ud569\ub2c8\ub2e4.<\/p>\n<h2>\ud504\ub85d\uc2dc \uc11c\ubc84 \ubc0f \ud799 \uc2a4\ud504\ub808\uc774<\/h2>\n<p>\ud504\ub85d\uc2dc \uc11c\ubc84 \uc790\uccb4\ub294 \ud799 \uc2a4\ud504\ub808\uc774\uc640 \uc9c1\uc811 \uc5f0\uacb0\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \ud799 \uc2a4\ud504\ub808\uc774\ub97c \uc0ac\uc6a9\ud558\ub294 \uacf5\uaca9\uc744 \uc800\uc9c0\ud558\uace0 \uc644\ud654\ud558\ub294 \uc5ed\ud560\uc744 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uacf5\uaca9\uc790\uc758 \uad00\uc810\uc5d0\uc11c \ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \uc0ac\uc6a9\ud558\uba74 \uc704\uce58\ub97c \uc228\uae30\uace0 \uacf5\uaca9\uc744 \ucd94\uc801\ud558\uae30\uac00 \ub354 \uc5b4\ub824\uc6cc\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubc29\uc5b4\uc801\uc778 \uce21\uba74\uc5d0\uc11c \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 \ubd84\uc11d\uc744 \uc704\ud574 \ud2b8\ub798\ud53d \ub370\uc774\ud130\ub97c \uae30\ub85d\ud558\ub294 \ub300\uaddc\ubaa8 \ubcf4\uc548 \uc778\ud504\ub77c\uc758 \uc77c\ubd80\uac00 \ub420 \uc218 \uc788\uc73c\uba70, \uc774\ub294 \ucd08\uae30 \ub2e8\uacc4\uc5d0\uc11c \ube44\uc815\uc0c1\uc801\uc778 \ub3d9\uc791\uc774\ub098 \uc7a0\uc7ac\uc801\uc778 \uc545\uc6a9\uc744 \uac10\uc9c0\ud558\ub294 \ub370 \ub3c4\uc6c0\uc774 \ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>\uad00\ub828\ub41c \ub9c1\ud06c\ub4e4<\/h2>\n<p>\ud799 \uc2a4\ud504\ub808\uc774 \ubc0f \uad00\ub828 \uc8fc\uc81c\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \ub2e4\uc74c \ub9ac\uc18c\uc2a4\ub97c \ucc38\uc870\ud558\uc138\uc694.<\/p>\n<ul>\n<li>\ucf54\ub178\ubc84, M., &amp; \ud638\ub85c\ube44\uce20, O. (2004). \ud799 \uc2a4\ud504\ub808\uc774: \uc77c\ubc18\uc801\uc778 \ubcf4\uc548 \uc870\uce58\uc5d0 \ub300\uc751\ud558\ub294 \uae30\uc220. \ubcf4\uc548 \ubb38\uc11c.<\/li>\n<li>OWASP(\uac1c\ubc29\ud615 \uc6f9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud504\ub85c\uc81d\ud2b8)\uc758 &quot;\ud799 \uc2a4\ud504\ub808\uc774&quot;: <a href=\"https:\/\/www.owasp.org\/index.php\/Heap_spraying\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.owasp.org\/index.php\/Heap_spraying<\/a><\/li>\n<li>MDN(Mozilla \uac1c\ubc1c\uc790 \ub124\ud2b8\uc6cc\ud06c)\uc758 &quot;\uba54\ubaa8\ub9ac \uc548\uc804&quot;: <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Memory_safety\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/developer.mozilla.org\/en-US\/docs\/Memory_safety<\/a><\/li>\n<li>MSRC(Microsoft \ubcf4\uc548 \ub300\uc751 \uc13c\ud130)\uc758 &quot;Windows 8\uc758 \uc545\uc6a9 \uc644\ud654 \uac1c\uc120 \uc0ac\ud56d&quot;: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/msrc.microsoft.com\/update-guide\/en-us\/<\/a><\/li>\n<\/ul>\n<p>\ud799 \uc2a4\ud504\ub808\uc774 \ubc0f \uc720\uc0ac\ud55c \uae30\uc220\uc744 \uae4a\uc774 \uc774\ud574\ud558\ub824\uba74 \ucef4\ud4e8\ud130 \uba54\ubaa8\ub9ac \uad00\ub9ac \ubc0f \ud504\ub85c\uadf8\ub798\ubc0d \uc5b8\uc5b4\uc5d0 \ub300\ud55c \ud0c4\ud0c4\ud55c \uc9c0\uc2dd\uc774 \ud544\uc694\ud569\ub2c8\ub2e4. \ud56d\uc0c1 \ucd5c\uc2e0 \ubcf4\uc548 \uc870\uce58 \ubc0f \uc644\ud654 \uc804\ub7b5\uc5d0 \ub300\ud55c \ucd5c\uc2e0 \uc815\ubcf4\ub97c \ud655\uc778\ud558\uc138\uc694.<\/p>","protected":false},"featured_media":468529,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477439","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Heap Spraying: A Detailed Analysis<\/mark>","faq_items":[{"question":"What is Heap Spraying?","answer":"<p>Heap Spraying is a technique used in computer exploitation. It involves flooding a region of a process's heap memory with shellcode to increase the likelihood of executing arbitrary code when vulnerabilities are exploited.<\/p>"},{"question":"Who first introduced Heap Spraying?","answer":"<p>Heap spraying was first introduced in a security paper written by Matt Conover and Oded Horovitz, published in the early 2000s.<\/p>"},{"question":"How does Heap Spraying work?","answer":"<p>Heap spraying functions through a two-step process: the Spray and the Trigger. During the spray, the heap memory is filled with multiple instances of the desired shellcode. The trigger is then used to exploit a vulnerability, executing arbitrary code. Since the memory has been filled with instances of the shellcode, the likelihood that the executed code will be the attacker's shellcode is significantly increased.<\/p>"},{"question":"What are some key features of Heap Spraying?","answer":"<p>Heap spraying is payload-agnostic, it increases the probability of successful code execution, and it bypasses certain security measures like address space layout randomization (ASLR) by not requiring knowledge of exact memory addresses.<\/p>"},{"question":"What are the types of Heap Spraying?","answer":"<p>Heap spraying can be divided into types based on the methods used to spray the heap, including Classic Heap Spraying, Sequential Heap Spraying, and NOP-sled Heap Spraying.<\/p>"},{"question":"What problems are associated with Heap Spraying and how can they be solved?","answer":"<p>As heap size increases, heap spraying becomes more detectable and mitigation techniques like ASLR and DEP make executing shellcode from the heap more difficult. To overcome these challenges, attackers may resort to more sophisticated methods of heap spraying, such as JIT spraying. On the defensive side, constant improvement and development of new mitigation techniques are necessary.<\/p>"},{"question":"How do Heap Spraying and Proxy Servers relate?","answer":"<p>While proxy servers themselves are not directly associated with heap spraying, they can play a role in both the perpetration and mitigation of attacks that use heap spraying. Proxy servers can be used by attackers to hide their location and by defenders to log traffic data for analysis, which can help in detecting potential exploits.<\/p>"},{"question":"What are some resources for further information about Heap Spraying?","answer":"<p>Resources include security papers such as \"Heap Spraying: A Technique to Counter Common Security Measures\" by Conover and Horovitz, OWASP, Mozilla Developer Network (MDN), and the Microsoft Security Response Center (MSRC).<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477439\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/468529"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=477439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}