SlideShare une entreprise Scribd logo

Buffer overflow attacks

Télécharger en tant que PPTX, PDF
Joe McCarthy
Joe McCarthy

Stack-based and heap-based buffer overflow attacks, based on Counter Hack Reloaded (by Skoudis & Liston), & other sources.

Technologie
1  sur  36
Network Security:Buffer Overflow Attacks Joe McCarthy
Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security:Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
Today’s Agenda 1. Introduction   2. Networking Overview   3. Linux and UNIX Overview   4. Windows NT/000/XP/00 Overview   5. Phase 1: Reconnaissance   6. Phase 2: Scanning   7. Phase 3: Gaining Access Using Application & OS Attacks     Script Kiddie Exploit Trolling     Pragmatism for More Sophisticated Attackers      Buffer Overflow Exploits      Password Attacks      Web Application Attacks      Exploiting Browser Flaws   8. Phase 4: Gaining Access Using Network Attacks   9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors& Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
Anatomy of an Attack Reconnaissance “casing the joint” Discovery of physical & online sensitive information Names, contact info (phone, email), IP addresses Social engineering, dumpster diving, Google Scanning “trying doorknobs & windows” Search for openings, network topology, OS type(s) Wireless access points, TCP ports, routers, gateways Inventory of target system & possible vulnerabilities Gaining access “breaking in” Application & OS attacks (Chapter 7) Stack-based & Heap-based Buffer Overflow Attacks
Brief review of Main Memory Data Data Heap Stack Code Stack Heap Code user view of memory logical memory space ,[object Object]
A program is a collection of segments such as:
main program,
procedure,
function,
global variables,
common block,
stack,
symbol tablehttp://courses.washington.edu/css430/ppt/Memory.ppt
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
C library functions considered harmful
C library functions considered harmful Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196. Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355. http://en.wikipedia.org/wiki/Considered_harmful
Finding stack-based buffer overflow vulnerabilities Examine source code (if available) Use debugger on executableto find exploitable library Apply brute force Inundate application with input data Examine stack traces after crashes But what would you input … & what would you look for?
Sample program #include <stdio.h> void f() { char s[9]; printf( "_________12345678901234567890" ); printf( "Enter s: " ); gets( s ); printf( "You entered: %s", s ); return; } main() { f(); }
Running the program
Running the program
Running the program
Running the program
Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
Strategy & Structure of a “Sploit” “Fuzzing” Repeated input patterns AAAA… (“A” = 0x41) ABCDEFG… DEF1, DEF2, DEF3, … NOP (No Operation) 0x90 on x86 Also: Add 0 Multiply by 1 Jump to next instruction … NOP sled
Heap-based Buffer Overflow Attacks
Heap-based Buffer Overflow Attacks
Script Kiddies & Exploit Collections Attacks (exploits) are widely available French Security Response Team (FrSIRT) http://www.vupen.com/english/ “Only available to trusted organizations” Packet Storm Security http://packetstormsecurity.org/ Security Focus Bugtraq Archives http://www.securityfocus.com/bid Metasploit Project http://www.metasploit.com Little or no knowledge required

Recommandé

Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowقصي نسور
 

Recommandé

Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowقصي نسور
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowEvgeni Tsonev
 
Web security
Web securityWeb security
Web securityPadam Banthia
 
zero day exploits
zero day exploitszero day exploits
zero day exploitsAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Phishing Detection using Machine Learning
Phishing Detection using Machine LearningPhishing Detection using Machine Learning
Phishing Detection using Machine LearningArjun BM
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowAbu Juha Ahmed Muid
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack Ahmed Salama
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingNaveen Sihag
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request ForgeryTony Bibbs
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Malicious software
Malicious softwareMalicious software
Malicious softwareDr.Florence Dayana
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 

Contenu connexe

Tendances

Phishing Detection using Machine Learning
Phishing Detection using Machine LearningPhishing Detection using Machine Learning
Phishing Detection using Machine LearningArjun BM
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request ForgeryTony Bibbs
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 

Tendances (20)

Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
 
Web security
Web securityWeb security
Web security
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Phishing Detection using Machine Learning
Phishing Detection using Machine LearningPhishing Detection using Machine Learning
Phishing Detection using Machine Learning
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websites
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request Forgery
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 

Similaire à Buffer overflow attacks

Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_securityComputer Science Club
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarMandy Cross
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionDavid Perkins
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 

Similaire à Buffer overflow attacks (20)

Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threats
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
 
Super1
Super1Super1
Super1
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan War
 
APT - Project
APT - Project APT - Project
APT - Project
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer Overflows
 
Software security
Software securitySoftware security
Software security
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and Prevention
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 

Plus de Joe McCarthy

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622Joe McCarthy
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionJoe McCarthy
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network securityJoe McCarthy
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid ComputingJoe McCarthy
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityJoe McCarthy
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyJoe McCarthy
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town HallJoe McCarthy
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksJoe McCarthy
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Joe McCarthy
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6Joe McCarthy
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515Joe McCarthy
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage OverviewJoe McCarthy
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008Joe McCarthy
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 ClosingJoe McCarthy
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftJoe McCarthy
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 OpeningJoe McCarthy
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town HallJoe McCarthy
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Joe McCarthy
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Joe McCarthy
 

Plus de Joe McCarthy (20)

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot Interaction
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid Computing
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan University
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown Disney
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town Hall
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening Remarks
 
CoCollage C&T2009
CoCollage C&T2009CoCollage C&T2009
CoCollage C&T2009
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage Overview
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 Closing
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 Draft
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 Opening
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town Hall
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627
 

Dernier

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Buffer overflow attacks

  • 1. Network Security:Buffer Overflow Attacks Joe McCarthy
  • 2. Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
  • 3. What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
  • 4. Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
  • 5. TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security:Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
  • 6. Today’s Agenda 1. Introduction   2. Networking Overview   3. Linux and UNIX Overview   4. Windows NT/000/XP/00 Overview   5. Phase 1: Reconnaissance   6. Phase 2: Scanning   7. Phase 3: Gaining Access Using Application & OS Attacks     Script Kiddie Exploit Trolling     Pragmatism for More Sophisticated Attackers      Buffer Overflow Exploits      Password Attacks      Web Application Attacks      Exploiting Browser Flaws   8. Phase 4: Gaining Access Using Network Attacks   9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors& Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
  • 7. Anatomy of an Attack Reconnaissance “casing the joint” Discovery of physical & online sensitive information Names, contact info (phone, email), IP addresses Social engineering, dumpster diving, Google Scanning “trying doorknobs & windows” Search for openings, network topology, OS type(s) Wireless access points, TCP ports, routers, gateways Inventory of target system & possible vulnerabilities Gaining access “breaking in” Application & OS attacks (Chapter 7) Stack-based & Heap-based Buffer Overflow Attacks
  • 8.
  • 9.
  • 10. A program is a collection of segments such as:
  • 23. C library functions considered harmful
  • 24. C library functions considered harmful Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196. Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355. http://en.wikipedia.org/wiki/Considered_harmful
  • 25. Finding stack-based buffer overflow vulnerabilities Examine source code (if available) Use debugger on executableto find exploitable library Apply brute force Inundate application with input data Examine stack traces after crashes But what would you input … & what would you look for?
  • 26. Sample program #include <stdio.h> void f() { char s[9]; printf( "_________12345678901234567890" ); printf( "Enter s: " ); gets( s ); printf( "You entered: %s", s ); return; } main() { f(); }
  • 31. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 32. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 33. Strategy & Structure of a “Sploit” “Fuzzing” Repeated input patterns AAAA… (“A” = 0x41) ABCDEFG… DEF1, DEF2, DEF3, … NOP (No Operation) 0x90 on x86 Also: Add 0 Multiply by 1 Jump to next instruction … NOP sled
  • 36. Script Kiddies & Exploit Collections Attacks (exploits) are widely available French Security Response Team (FrSIRT) http://www.vupen.com/english/ “Only available to trusted organizations” Packet Storm Security http://packetstormsecurity.org/ Security Focus Bugtraq Archives http://www.securityfocus.com/bid Metasploit Project http://www.metasploit.com Little or no knowledge required
  • 38. Sample Payloads Bind shell to current port Bind shell to arbitrary port Reverse shell Windows VNC Server DLL Reverse VNC DLL Inject Inject DLL into running application Create local admin user The Meterpreter (Metasploit Interpreter)
  • 41. Pros & Cons of Exploit Frameworks
  • 42. Pros & Cons of Exploit Frameworks Advantages for Attackers Reduced time Increased quality Advantages for Defenders Increased accuracy of security assessments Vulnerability scans yield many false positives (30-50%) Scan, then sploit to find “real” problems Verify IDS / IPS functionality Malfunctions, misconfiguration, pre-emptive attacks Improving management awareness “Please don’t steal this file!”
  • 43. Defenses against Buffer Overflow Attacks Safer programming StackGuard, Stack Shield Security reviews ITS4 (“It’s the Software, Stupid - Security Scanner”) RATS (Rough Auditing Tool for Security) Flawfinder
  • 44. For more information “Smashing the Stack for Fun and Profit” Aleph One, aleph1@underground.org http://www.phrack.org/issues.html?id=14&issue=49 Common Vulnerabilities & Exposures http://cve.mitre.org/cve/ Total CVEs: 45,149 Stack-based overflow vulnerabilities 1200+: IE, Safari, Firefox, Opera, RealPlayer, QuickTime, WMP, WinAmp, DB2, Excel, Access, Word, PowerPoint, OpenOffice, Eudora, Acrobat, Reader, JDK, JRE, Norton, McAfee, eTrust, RAZR Heap-based overflow vulnerabilities 900+: IE, Opera, Firefox, Thunderbird, Apache, VB, ColdFusion, Skype, PHP, Oracle, PostgreSQL, AIM, Windows Live Messenger, WordPerfect, Outlook Express, PageMaker, PowerPoint, Excel, Netscape, McAfee, DirectX, Shockwave, Subversion, QuickTime, Norton, Sophos, Kaspersky, RSA SecurID, PuTTY, iTunes, RealPlayer, WinAmp, OpenOffice, JRE, Facebook Photo Uploader ActiveX, Blackberry