Congratulations to the winners of the BlueHat Prize contest.
My entry was CounterHeapSpray:
CounterHeapSpray monitors the private memory usage of an application to guard against heap sprays. When the private memory usage of the application exceeds a predefined threshold, CounterHeapSpray assumes that a heap spray is ongoing and will pre-allocate virtual memory pages and populate these pages with its own shellcode. When the heap spray terminates and the exploit executes, code execution will transfer to CounterHeapSpray’s own shellcode. This shellcode will suspend all threads and display a warning message for the user. When the user clicks OK, CounterHeapSpray’s shellcode terminates the application.
By planting its own shellcode before the heap spray can fill the heap with malicious shellcode, CounterHeapSpray not only prevents execution of this malicious shellcode but is able to suspend the process and to inform the user of the attack.