Heap spray
(also heap spraying, heap spray attack)
Heap spray definition
A heap spray is a technique or method that allows individuals and organizations to attack and exploit vulnerable systems and networks. It is an old technique that facilitates arbitrary code execution.
A heap spray happens when an attacker writes to the heap for a running program. A heap is a predetermined location in a computer’s or system’s memory. The process of writing a heap is also called spraying the heap.
By conducting a heap spray, attackers can take control of a system or network and call commands in a heap. When someone conducts a heap spray, they do so to ensure they have access to a system or network later. So a heap spray is not an attack in itself. Instead, it is a way to make other cyberattacks more successful. Attackers can perform a heap spray using a few programming languages, like JavaScript, HTML5, and VBScript.
See also: cyberattack, exploit
Heap spray prevention
Create an allocation history. An allocation history is a list that shows information on allocations and cancellations made on a certain system.
Detect shellcode execution. A shellcode is a list of instructions that execute a command in a piece of software to exploit a compromised machine or computer or take control over said machine or computer. By setting up a system that detects it, you can prevent heap spray attacks from happening.