SlideShare une entreprise Scribd logo

Buffer overflow attacks

Télécharger en tant que PPTX, PDF
Joe McCarthy
Joe McCarthy

Stack-based and heap-based buffer overflow attacks, based on Counter Hack Reloaded (by Skoudis & Liston), & other sources.

Technologie
1  sur  36
Network Security:Buffer Overflow Attacks Joe McCarthy
Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security:Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
Today’s Agenda 1. Introduction   2. Networking Overview   3. Linux and UNIX Overview   4. Windows NT/000/XP/00 Overview   5. Phase 1: Reconnaissance   6. Phase 2: Scanning   7. Phase 3: Gaining Access Using Application & OS Attacks     Script Kiddie Exploit Trolling     Pragmatism for More Sophisticated Attackers      Buffer Overflow Exploits      Password Attacks      Web Application Attacks      Exploiting Browser Flaws   8. Phase 4: Gaining Access Using Network Attacks   9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors& Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
Anatomy of an Attack Reconnaissance “casing the joint” Discovery of physical & online sensitive information Names, contact info (phone, email), IP addresses Social engineering, dumpster diving, Google Scanning “trying doorknobs & windows” Search for openings, network topology, OS type(s) Wireless access points, TCP ports, routers, gateways Inventory of target system & possible vulnerabilities Gaining access “breaking in” Application & OS attacks (Chapter 7) Stack-based & Heap-based Buffer Overflow Attacks
Brief review of Main Memory Data Data Heap Stack Code Stack Heap Code user view of memory logical memory space ,[object Object]
A program is a collection of segments such as:
main program,
procedure,
function,
global variables,
common block,
stack,
symbol tablehttp://courses.washington.edu/css430/ppt/Memory.ppt
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
Stack-based Buffer Overflow Attacks
C library functions considered harmful
C library functions considered harmful Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196. Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355. http://en.wikipedia.org/wiki/Considered_harmful
Finding stack-based buffer overflow vulnerabilities Examine source code (if available) Use debugger on executableto find exploitable library Apply brute force Inundate application with input data Examine stack traces after crashes But what would you input … & what would you look for?
Sample program #include <stdio.h> void f() { char s[9]; printf( "_________12345678901234567890" ); printf( "Enter s: " ); gets( s ); printf( "You entered: %s", s ); return; } main() { f(); }
Running the program
Running the program
Running the program
Running the program
Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
Strategy & Structure of a “Sploit” “Fuzzing” Repeated input patterns AAAA… (“A” = 0x41) ABCDEFG… DEF1, DEF2, DEF3, … NOP (No Operation) 0x90 on x86 Also: Add 0 Multiply by 1 Jump to next instruction … NOP sled
Heap-based Buffer Overflow Attacks
Heap-based Buffer Overflow Attacks
Script Kiddies & Exploit Collections Attacks (exploits) are widely available French Security Response Team (FrSIRT) http://www.vupen.com/english/ “Only available to trusted organizations” Packet Storm Security http://packetstormsecurity.org/ Security Focus Bugtraq Archives http://www.securityfocus.com/bid Metasploit Project http://www.metasploit.com Little or no knowledge required

Recommandé

Program security
Program securityProgram security
Program securityG Prachi
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowAbu Juha Ahmed Muid
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowEvgeni Tsonev
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowقصي نسور
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 

Recommandé

Program security
Program securityProgram security
Program securityG Prachi
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowAbu Juha Ahmed Muid
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowEvgeni Tsonev
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflowقصي نسور
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AIDexterJanPineda
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43myrajendra
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-securityVamsee Krishna Kiran
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Keymanagement of ipsec
Keymanagement of ipsecKeymanagement of ipsec
Keymanagement of ipsecPACHIYAPPAN PACHIYAPPAS
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Malicious software
Malicious softwareMalicious software
Malicious softwareDr.Florence Dayana
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAlapan Banerjee
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 

Contenu connexe

Tendances

Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine LearningSiemplify
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43myrajendra
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 

Tendances (20)

Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 
Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
 
Keymanagement of ipsec
Keymanagement of ipsecKeymanagement of ipsec
Keymanagement of ipsec
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking ppt
 
Software security
Software securitySoftware security
Software security
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

Similaire à Buffer overflow attacks

Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_securityComputer Science Club
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarMandy Cross
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionDavid Perkins
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksAlienVault
 

Similaire à Buffer overflow attacks (20)

Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threats
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
 
Super1
Super1Super1
Super1
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan War
 
APT - Project
APT - Project APT - Project
APT - Project
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer Overflows
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and Prevention
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
 

Plus de Joe McCarthy

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622Joe McCarthy
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionJoe McCarthy
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network securityJoe McCarthy
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid ComputingJoe McCarthy
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityJoe McCarthy
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyJoe McCarthy
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town HallJoe McCarthy
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksJoe McCarthy
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Joe McCarthy
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6Joe McCarthy
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515Joe McCarthy
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage OverviewJoe McCarthy
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008Joe McCarthy
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 ClosingJoe McCarthy
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftJoe McCarthy
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 OpeningJoe McCarthy
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town HallJoe McCarthy
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Joe McCarthy
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Joe McCarthy
 

Plus de Joe McCarthy (20)

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot Interaction
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid Computing
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan University
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown Disney
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town Hall
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening Remarks
 
CoCollage C&T2009
CoCollage C&T2009CoCollage C&T2009
CoCollage C&T2009
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage Overview
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 Closing
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 Draft
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 Opening
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town Hall
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627
 

Dernier

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Buffer overflow attacks

  • 1. Network Security:Buffer Overflow Attacks Joe McCarthy
  • 2. Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
  • 3. What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
  • 4. Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
  • 5. TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security:Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
  • 6. Today’s Agenda 1. Introduction   2. Networking Overview   3. Linux and UNIX Overview   4. Windows NT/000/XP/00 Overview   5. Phase 1: Reconnaissance   6. Phase 2: Scanning   7. Phase 3: Gaining Access Using Application & OS Attacks     Script Kiddie Exploit Trolling     Pragmatism for More Sophisticated Attackers      Buffer Overflow Exploits      Password Attacks      Web Application Attacks      Exploiting Browser Flaws   8. Phase 4: Gaining Access Using Network Attacks   9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors& Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
  • 7. Anatomy of an Attack Reconnaissance “casing the joint” Discovery of physical & online sensitive information Names, contact info (phone, email), IP addresses Social engineering, dumpster diving, Google Scanning “trying doorknobs & windows” Search for openings, network topology, OS type(s) Wireless access points, TCP ports, routers, gateways Inventory of target system & possible vulnerabilities Gaining access “breaking in” Application & OS attacks (Chapter 7) Stack-based & Heap-based Buffer Overflow Attacks
  • 8.
  • 9.
  • 10. A program is a collection of segments such as:
  • 23. C library functions considered harmful
  • 24. C library functions considered harmful Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196. Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355. http://en.wikipedia.org/wiki/Considered_harmful
  • 25. Finding stack-based buffer overflow vulnerabilities Examine source code (if available) Use debugger on executableto find exploitable library Apply brute force Inundate application with input data Examine stack traces after crashes But what would you input … & what would you look for?
  • 26. Sample program #include <stdio.h> void f() { char s[9]; printf( "_________12345678901234567890" ); printf( "Enter s: " ); gets( s ); printf( "You entered: %s", s ); return; } main() { f(); }
  • 31. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 32. Running the program 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 33. Strategy & Structure of a “Sploit” “Fuzzing” Repeated input patterns AAAA… (“A” = 0x41) ABCDEFG… DEF1, DEF2, DEF3, … NOP (No Operation) 0x90 on x86 Also: Add 0 Multiply by 1 Jump to next instruction … NOP sled
  • 36. Script Kiddies & Exploit Collections Attacks (exploits) are widely available French Security Response Team (FrSIRT) http://www.vupen.com/english/ “Only available to trusted organizations” Packet Storm Security http://packetstormsecurity.org/ Security Focus Bugtraq Archives http://www.securityfocus.com/bid Metasploit Project http://www.metasploit.com Little or no knowledge required
  • 38. Sample Payloads Bind shell to current port Bind shell to arbitrary port Reverse shell Windows VNC Server DLL Reverse VNC DLL Inject Inject DLL into running application Create local admin user The Meterpreter (Metasploit Interpreter)
  • 41. Pros & Cons of Exploit Frameworks
  • 42. Pros & Cons of Exploit Frameworks Advantages for Attackers Reduced time Increased quality Advantages for Defenders Increased accuracy of security assessments Vulnerability scans yield many false positives (30-50%) Scan, then sploit to find “real” problems Verify IDS / IPS functionality Malfunctions, misconfiguration, pre-emptive attacks Improving management awareness “Please don’t steal this file!”
  • 43. Defenses against Buffer Overflow Attacks Safer programming StackGuard, Stack Shield Security reviews ITS4 (“It’s the Software, Stupid - Security Scanner”) RATS (Rough Auditing Tool for Security) Flawfinder
  • 44. For more information “Smashing the Stack for Fun and Profit” Aleph One, aleph1@underground.org http://www.phrack.org/issues.html?id=14&issue=49 Common Vulnerabilities & Exposures http://cve.mitre.org/cve/ Total CVEs: 45,149 Stack-based overflow vulnerabilities 1200+: IE, Safari, Firefox, Opera, RealPlayer, QuickTime, WMP, WinAmp, DB2, Excel, Access, Word, PowerPoint, OpenOffice, Eudora, Acrobat, Reader, JDK, JRE, Norton, McAfee, eTrust, RAZR Heap-based overflow vulnerabilities 900+: IE, Opera, Firefox, Thunderbird, Apache, VB, ColdFusion, Skype, PHP, Oracle, PostgreSQL, AIM, Windows Live Messenger, WordPerfect, Outlook Express, PageMaker, PowerPoint, Excel, Netscape, McAfee, DirectX, Shockwave, Subversion, QuickTime, Norton, Sophos, Kaspersky, RSA SecurID, PuTTY, iTunes, RealPlayer, WinAmp, OpenOffice, JRE, Facebook Photo Uploader ActiveX, Blackberry