Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | November 15, 2013

heapLib 2.0

Hi everyone, as promised I’m releasing my code for heapLib2. For those of you not familiar, I introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Much of this work is based on Alex Sotirov’s research from quite a few years ago (  The zip file contains:  heapLib2.js => The JavaScript library that needs to be imported to use heapLib2 heapLib2_test.html => Example usage of some of the functionality that is available in heapLib2 => A Python script…

Chris Valasek
Blogs | INSIGHTS | August 23, 2013

IE heaps at Nordic Security Conference

Remember when I used to be the Windows Heap guy? Yeah, me neither ;). I just wanted to give everyone a heads up regarding my upcoming presentation “An Examination of String Allocations: IE-9 Edition” at Nordic Security Conference ( The presentation title is a bit vague so I figured I would give a quick overview. First, I’ll briefly discuss the foundational knowledge regarding heap based memory allocations using JavaScript strings in IE-6 and IE-7. These technics to manipulate the heap are well documented and have been known…

Chris Valasek

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments, focused on securing operations.