Vulnerabilities and Exploitation - Application Security Sci-Fi Hipster Edition
Report
blaufishFollow
Aug. 5, 2013•0 likes•493 views
Vulnerabilities and Exploitation - Application Security Sci-Fi Hipster Edition
Aug. 5, 2013•0 likes•493 views
Download to read offline
Report
Technology
Explaining vulnerabilities, exploits, attack vectors, attack surface reduction, aslr etc to someone who understands The Imperial Deathstar. Presented at Opkoko 2013.1. Live presentation recording in Swedish here: http://www.youtube.com/watch?v=Xi9SRFENiO4
blaufishFollow
More Related Content
Similar to Vulnerabilities and Exploitation - Application Security Sci-Fi Hipster Edition
Buffer overflow attacksKapil Nagrale
Positive Hack Days. Тараканов. Мастер-класс: уязвимости нулевого дняPositive Hack Days
![[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects ...](https://cdn.slidesharecdn.com/ss_thumbnails/wc6keiqftdgh7zr7wvvd-signature-ccecd48cadc8974316a6e7b60e94ab364de5fecf00501a2d79028caf1ea8efb1-poli-160521041645-thumbnail.jpg?width=384&height=256&fit=bounds)
[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects ...Kenta Yamamoto
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...sanghwan ahn
![zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]](https://cdn.slidesharecdn.com/ss_thumbnails/2022-secsnark-220331171948-thumbnail.jpg?width=384&height=256&fit=bounds)
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]Alex Pruden
Os Cookoscon2007
![[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects ...](https://cdn.slidesharecdn.com/ss_thumbnails/wc6keiqftdgh7zr7wvvd-signature-ccecd48cadc8974316a6e7b60e94ab364de5fecf00501a2d79028caf1ea8efb1-poli-160521041645-thumbnail.jpg?width=2048&height=1162&fit=bounds)
![zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]](https://cdn.slidesharecdn.com/ss_thumbnails/2022-secsnark-220331171948-thumbnail.jpg?width=2048&height=1162&fit=bounds)
Recently uploaded
Netwitness RT - Don’t scratch that patch.pptxStefano Maccaglia
Supplier Sourcing_Cathy.pptxCatarinaTorrenuevaMa
Future of SkillsAlison B. Lowndes
TEKART CON 2023AdedoyinSamuel1
Demystifying ML/AIMatthew Reynolds
Scaling out with WordPressKonstantin Kovshenin
Vulnerabilities and Exploitation - Application Security Sci-Fi Hipster Edition
- 1. Vulnerabilities and Exploitation APPLICATION SECURITY SCI-FI HIPSTER EDITION! peter magnusson twitter: @blaufish_ omegapoint.se sakerhetspodcasten.se
- 3. DEFENDER Imperial Death Star (legacy application)
- 5. ATTACKERS X-Wing squad (hackers, agile)
- 6. VULNERABILITY Reactor core (document.write, s printf, eval)
- 8. ATTACK VECTOR Exhaust port / shaft (code paths etc. connecting input to vulnerability )
- 10. EXPLOIT Torpedo fitting into exhaust port Reach and gain control over vulnerability, ?id=%27%20SQL
- 12. EXPLOIT PAYLOAD Exploding proton warhead (metasploit meterpreter, connect back shells, sqli downloading database, etc)
- 14. Improving the Imperial Death Star
- 15. ATTACK SURFACE REDUCTION Disable by default Close unused port Force-field (firewall)
- 16. FIX VULNERABILITY Exploding core -> safe non-exploding core (sprintf -> snprintf)
- 17. DON’T JUST FIX ONE ATTACK VECTOR Often multiple paths to same vulnernability
- 18. EXPLOIT MITIGATION ASLR: Randomize location of vulnerability
- 19. FIN Questions?