Heap Spraying Attack

Reading time: 10 minutes

heap spraying attack

Heap Spraying Attack is a type of cyber attack in which the attacker uses the ability to write the series of bytes in the memory for the running program at various places in the heap. The main aim of the attack is to ensure that the bytes can be accessed later as the vector of the separate attack.

Procedure For The Attack

  1. In the attack, the attacker first uses the exploits in the web browsers and other applications or languages such as Actionscript or Javascript in the Adobe Reader to put the malicious code in the memory heap at some predetermined location.
  2. The attacker further exploits the vulnerability by using the scripting support. For this, he makes the Extended Instruction Pointer (EIP) to directly point the predetermined location.
  3. The attacker thus can further run the malicious code and perform the malicious activity.

Mitigations For The Attack

Running the web browsers with the least privileges makes it much harder for the hackers to gain the admin access, which helps in mitigating this attack. Also, update the web browsers regularly to patch up the known bugs.


Question 1

What language can attacker exploit in this attack?


Question 2

What should be done to mitigate the attack?

Update the firewall time to time
Use multi-factor authentication
Use Honeypot to stop the attack
Update the application time to time