SlideShare a Scribd company logo

Finding Diversity In Remote Code Injection Exploits

A
amiable_indian

www.secguru.com

Technology
1 of 38
Finding Diversity in Remote Code Injection Exploits Justin Ma , John Dunagan , Helen J. Wang , Stefan Savage , Geoffrey M. Voelker University of California, San Diego Microsoft Research Internet Measurement Conference 2006
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]
Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introduction (cont’d) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]
Background ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Stack Buffer Overflow Simple example of a remote stack-based buffer overflow. The shaded regions represent the shellcode of the exploit as sent over network packets, then as injected into the vulnerable buffer of the target host. The return address has been overwritten with injected data, thereby redirecting the execution flow to the shellcode residing in the vulnerable buffer .
Background (cont’d) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Background (cont’d) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[11] C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic Worm Detection Using Structural Information of Executables. In Proceedings of Symposium on Recent Advances in Intrusion Detection (RAID) , Seattle, WA, Sept.2005.
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology-Exploit Collection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology-Extracting Shellcodes ,[object Object],[object Object],[object Object],[object Object],[29] H. Wang, C. Guo, D. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. In Proceedings of the ACM SIGCOMM Conference , Portland, Oregon, Sept. 2004.
Methodology-Exploit Emulation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology-Clustering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology-Clustering (cont’d) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[11]C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic Worm Detection Using Structural Information of Executables. In Proceedings of Symposium on Recent Advances in Intrusion Detection (RAID), Seattle, WA, Sept. 2005
Methodology-Clustering (cont’d) ,[object Object],[object Object],[object Object],[object Object],Canonical string for shellcode
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]
Exploit Diversity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Name Resolution ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
LSASS (Local Security Authority Subsystem Service) ,[object Object],[object Object]
LSASS (cont’d) Exedit Edit structural Not fundamental to the code Ignores subtle differences between shellcodes
LSASS (cont’d) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
LSASS (cont’d) - Prevalence
ISystemActivator ,[object Object],[object Object],The result of polymorphism? indicate that exploits within a family are similar, but that ISys families differ more substantially from each other than the LSASS exploit families
ISystemActivator ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ISystemActivator 4-byte decoding key Kernel-address loading function Function-finding block 4-byte encoding key Kernel base loader Function finder
ISystemActivator largest payload length and its flow of execution was the most complicated
ISystemActivator ,[object Object],[object Object],[object Object]
ISystemActivator Different instructions in parts, otherwise very similar
ISystemActivator “ Bind” version required the newly-infected host to bind on a socket and wait for a connection attempt from the infecting host “ Connect-back” version required the newly-infected host to connect back to the infecting host Interestingly, the number of iterations in ISys-3’s loop overshoots the exploit payload. Thus, it seems that either ISys-2 was a refinement of ISys-3, or that ISys-3 was a poor imitation of ISys-2.
ISystemActivator
RemoteActivation ,[object Object]
RemoteActivation (cont’d) Exedit distance is very small ,[object Object],[object Object],[object Object],0 : “Bind” version 1 : “Connect-back” version Manual inspection : the last third (roughly 300 bytes) of the payload contained randomly generated characters
Diversity Across Vulnerabilities ,[object Object],[object Object]
Diversity Across Vulnerabilities (cont’d) Dendrogram for the LBL trace exploits using exedit distance. The 1st set of hash marks just below 0% represent ISystemActivator, the 2nd represent LSASS, the 3rd represent PNP, and the 4th represent RemoteActivation.
Diversity Across Vulnerabilities (cont’d) Multi-vector family
Discussion - Polymorphism ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Intrusion Alert Correlation
Intrusion Alert CorrelationIntrusion Alert Correlation
Intrusion Alert Correlationamiable_indian
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Futureamiable_indian
 
Testbed For Ids
Testbed For IdsTestbed For Ids
Testbed For Idsamiable_indian
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
Intrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless NetworksIntrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless Networksguest1b5f71
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-finalOpen Networking Perú (Opennetsoft)
 
IDS Network security - Bouvry
IDS Network security - BouvryIDS Network security - Bouvry
IDS Network security - Bouvrygh02
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data miningbalbeerrawat
 

Recommended

Intrusion Alert Correlation
Intrusion Alert CorrelationIntrusion Alert Correlation
Intrusion Alert Correlationamiable_indian
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Futureamiable_indian
 
Testbed For Ids
Testbed For IdsTestbed For Ids
Testbed For Idsamiable_indian
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
Intrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless NetworksIntrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless Networksguest1b5f71
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-finalOpen Networking Perú (Opennetsoft)
 
IDS Network security - Bouvry
IDS Network security - BouvryIDS Network security - Bouvry
IDS Network security - Bouvrygh02
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data miningbalbeerrawat
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Layered approach
Layered approachLayered approach
Layered approachingenioustech
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)Mumbai Academisc
 
F0371046050
F0371046050F0371046050
F0371046050inventionjournals
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
Practical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesPractical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesFull Stack Developer at Electro Mizan Andisheh
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2CFabrizio Farinacci
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Kent State University
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214IJNSA Journal
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Qué Es Internet
Qué Es InternetQué Es Internet
Qué Es Internetlaura.com
 
Soundplanning community
Soundplanning communitySoundplanning community
Soundplanning communitySalvatore Marras
 

More Related Content

What's hot

Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...Migrant Systems
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)Mumbai Academisc
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2CFabrizio Farinacci
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Kent State University
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 

What's hot (20)

Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
Layered approach
Layered approachLayered approach
Layered approach
 
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net...
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)
 
F0371046050
F0371046050F0371046050
F0371046050
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusion
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network Testbeds
 
Practical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesPractical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approaches
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2C
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...Design and Implementation of Artificial Immune System for Detecting Flooding ...
Design and Implementation of Artificial Immune System for Detecting Flooding ...
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
 

Viewers also liked

Qué Es Internet
Qué Es InternetQué Es Internet
Qué Es Internetlaura.com
 
Perfil NicoláS GonzáLez
Perfil NicoláS GonzáLezPerfil NicoláS GonzáLez
Perfil NicoláS GonzáLezSusana Micheli
 
Maramaro Rodriguez Ramirez Zabala
Maramaro Rodriguez Ramirez ZabalaMaramaro Rodriguez Ramirez Zabala
Maramaro Rodriguez Ramirez ZabalaSusana Micheli
 
Apresentacao Positioning 20062007
Apresentacao Positioning 20062007Apresentacao Positioning 20062007
Apresentacao Positioning 20062007thiagoliveira
 

Viewers also liked (6)

Qué Es Internet
Qué Es InternetQué Es Internet
Qué Es Internet
 
Soundplanning community
Soundplanning communitySoundplanning community
Soundplanning community
 
Perfil NicoláS GonzáLez
Perfil NicoláS GonzáLezPerfil NicoláS GonzáLez
Perfil NicoláS GonzáLez
 
Maramaro Rodriguez Ramirez Zabala
Maramaro Rodriguez Ramirez ZabalaMaramaro Rodriguez Ramirez Zabala
Maramaro Rodriguez Ramirez Zabala
 
Apresentacao Positioning 20062007
Apresentacao Positioning 20062007Apresentacao Positioning 20062007
Apresentacao Positioning 20062007
 
Solsticio Invierno 2007
Solsticio Invierno 2007Solsticio Invierno 2007
Solsticio Invierno 2007
 

Similar to Finding Diversity In Remote Code Injection Exploits

1Buttercup On Network-based Detection of Polymorphic B.docx
1Buttercup On Network-based Detection of Polymorphic B.docx 1Buttercup On Network-based Detection of Polymorphic B.docx
1Buttercup On Network-based Detection of Polymorphic B.docxaryan532920
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Report on hacking blind
Report on hacking blindReport on hacking blind
Report on hacking blindNikitaAndhale
 
Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Mumbai Academisc
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsUltraUploader
 
Iaetsd secure data dissemination based on
Iaetsd secure data dissemination based onIaetsd secure data dissemination based on
Iaetsd secure data dissemination based onIaetsd Iaetsd
 
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKS
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKSRTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKS
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKSIJNSA Journal
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksKapil Nagrale
 
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...IOSR Journals
 
Wireless sensor Network using Zero Knowledge Protocol ppt
Wireless sensor Network using Zero Knowledge Protocol pptWireless sensor Network using Zero Knowledge Protocol ppt
Wireless sensor Network using Zero Knowledge Protocol pptsofiakhatoon
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksEcwayt
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksEcwayt
 
Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Ecwaytech
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksecwayprojects
 
Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Ecwayt
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blockerakila_mano
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareBRNSSPublicationHubI
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksahmad abdelhafeez
 

Similar to Finding Diversity In Remote Code Injection Exploits (20)

1Buttercup On Network-based Detection of Polymorphic B.docx
1Buttercup On Network-based Detection of Polymorphic B.docx 1Buttercup On Network-based Detection of Polymorphic B.docx
1Buttercup On Network-based Detection of Polymorphic B.docx
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Report on hacking blind
Report on hacking blindReport on hacking blind
Report on hacking blind
 
Ijetr012045
Ijetr012045Ijetr012045
Ijetr012045
 
Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flows
 
Iaetsd secure data dissemination based on
Iaetsd secure data dissemination based onIaetsd secure data dissemination based on
Iaetsd secure data dissemination based on
 
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKS
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKSRTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKS
RTOS BASED SECURE SHORTEST PATH ROUTING ALGORITHM IN MOBILE AD- HOC NETWORKS
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...
DTADA: Distributed Trusted Agent Based Detection Approach For Doline And Sen...
 
Wireless sensor Network using Zero Knowledge Protocol ppt
Wireless sensor Network using Zero Knowledge Protocol pptWireless sensor Network using Zero Knowledge Protocol ppt
Wireless sensor Network using Zero Knowledge Protocol ppt
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networks
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networks
 
Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...
 
Detection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networksDetection and localization of multiple spoofing attackers in wireless networks
Detection and localization of multiple spoofing attackers in wireless networks
 
Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...Dotnet detection and localization of multiple spoofing attackers in wireless...
Dotnet detection and localization of multiple spoofing attackers in wireless...
 
Detection of Self-Disciplinary Worms
Detection of Self-Disciplinary WormsDetection of Self-Disciplinary Worms
Detection of Self-Disciplinary Worms
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
 

More from amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commonsamiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentestersamiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyamiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Codingamiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissectedamiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentationamiable_indian
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization amiable_indian
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Timeamiable_indian
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics? amiable_indian
 

More from amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Recently uploaded

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

Recently uploaded (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 

Finding Diversity In Remote Code Injection Exploits

  • 1. Finding Diversity in Remote Code Injection Exploits Justin Ma , John Dunagan , Helen J. Wang , Stefan Savage , Geoffrey M. Voelker University of California, San Diego Microsoft Research Internet Measurement Conference 2006
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Stack Buffer Overflow Simple example of a remote stack-based buffer overflow. The shaded regions represent the shellcode of the exploit as sent over network packets, then as injected into the vulnerable buffer of the target host. The return address has been overwritten with injected data, thereby redirecting the execution flow to the shellcode residing in the vulnerable buffer .
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21. LSASS (cont’d) Exedit Edit structural Not fundamental to the code Ignores subtle differences between shellcodes
  • 22.
  • 23. LSASS (cont’d) - Prevalence
  • 24.
  • 25.
  • 26. ISystemActivator 4-byte decoding key Kernel-address loading function Function-finding block 4-byte encoding key Kernel base loader Function finder
  • 27. ISystemActivator largest payload length and its flow of execution was the most complicated
  • 28.
  • 29. ISystemActivator Different instructions in parts, otherwise very similar
  • 30. ISystemActivator “ Bind” version required the newly-infected host to bind on a socket and wait for a connection attempt from the infecting host “ Connect-back” version required the newly-infected host to connect back to the infecting host Interestingly, the number of iterations in ISys-3’s loop overshoots the exploit payload. Thus, it seems that either ISys-2 was a refinement of ISys-3, or that ISys-3 was a poor imitation of ISys-2.
  • 32.
  • 33.
  • 34.
  • 35. Diversity Across Vulnerabilities (cont’d) Dendrogram for the LBL trace exploits using exedit distance. The 1st set of hash marks just below 0% represent ISystemActivator, the 2nd represent LSASS, the 3rd represent PNP, and the 4th represent RemoteActivation.
  • 36. Diversity Across Vulnerabilities (cont’d) Multi-vector family
  • 37.
  • 38.