 Buffer Overflow by SecArmour

A buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold. A buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.

Published in: Technology

Transcript

  • 1. SECURITY BEYOND COMPARE
  • 2. Buffer Overflow
      • Technique to force execution of malicious code with unauthorized privileges
          – launch a command shell
          – search local disk or network for sensitive data
          – register with command and control network as a zombie
      • Can be applied both locally and remotely
      • Attack technique is independent of machine architecture and operating system
      • Can be tricky to execute, but extremely effective
  • 3. Layout Of Stack
      • Grows from high-end address to low-end address (a buffer grows from low-end address to high-end address);
      • Return Address: when a function returns, the instructions it points to are executed;
      • Stack Frame pointer (esp): used to reference local variables and function parameters.
  • 4. Layout of the Virtual Space of a Process
      [Figure: the layout of the virtual space of a process in Linux]
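  • 5. Example

        #include <stdio.h>

        /* Adds its two arguments; c is a local variable in cal's stack frame. */
        int cal(int a, int b)
        {
            int c;
            c = a + b;
            return c;
        }

        int main()
        {
            int d;
            d = cal(1, 2);
            printf("%d\n", d);
            return 0;
        }

      Stack while cal() is running:

        low-end address
          esp →  c
          ebp →  previous ebp
                 retaddr (0x0804822)
                 a (1)
                 b (2)
        high-end address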
  • 6. Shell code
      • Shellcode is defined as a set of instructions that is injected and then executed by an exploited program;
      • Shellcode is used to directly manipulate registers and the function of a program;
      • Most shellcode uses system calls to carry out malicious behavior;
      • System calls are a set of functions that allow you to access operating system-specific functions such as getting input, producing output, and exiting a process.
  • 7. How to prevent stack buffer overflow?
      • Stack Guard
          – In a stack, a canary word is placed after the return address whenever a function is called;
          – The canary is checked before the function returns. If the value of the canary has changed, it indicates malicious behavior.

      Unix Stack Frame:

        Lower address
          Local Variables
          Old Base Pointer
          Canary Value
          Return Address
          Arguments
        Higher address
  • 8. Cont.
      • Non-Executable stack;
          – Return-to-libc exploitation might occur
      • Randomization.
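
The Stack Guard check from slide 7, as an added example that is not part of the original slides: it models the "Unix Stack Frame" layout as a struct and runs the canary comparison a protected function performs before it returns. The struct, the function names and all constants are constructed for illustration, and the copy is clamped to the model frame so the program itself never writes out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of the slide 7 frame, lowest address first (constructed layout). */
struct frame {
    uint8_t  buf[8];    /* local variable          */
    uint32_t old_bp;    /* old base pointer        */
    uint32_t canary;    /* canary value            */
    uint32_t ret_addr;  /* return address          */
};

enum result { RET_OK, RET_CANARY_TRIPPED, RET_INPUT_REJECTED };

#define CANARY   0x000aff0du  /* constructed sample value */
#define OLD_BP   0x55667788u  /* constructed sample value */
#define RET_ADDR 0x11223344u  /* constructed sample value */

/* Models an unchecked copy: starts at buf and runs toward higher addresses.
 * Clamped to the model frame so the demo never leaves the struct. */
static void unchecked_copy(struct frame *f, const uint8_t *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((uint8_t *)f, src, n);
}

/* Simulate one call: set up the frame, copy the input, run the epilogue check. */
enum result simulate_call(const uint8_t *src, size_t n, int bounds_check)
{
    struct frame f = { {0}, OLD_BP, CANARY, RET_ADDR };

    if (bounds_check && n > sizeof f.buf)
        return RET_INPUT_REJECTED;   /* the real fix: the overflow never happens */

    unchecked_copy(&f, src, n);

    if (f.canary != CANARY)          /* Stack Guard style check before return */
        return RET_CANARY_TRIPPED;   /* abort instead of using f.ret_addr */
    return RET_OK;                   /* canary intact, so ret_addr is intact too */
}
```

In this layout a write that stops short of the canary still corrupts the old base pointer without being detected, which is why the canary is a backstop and the length check is the fix.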