SECURITY BEYOND COMPARE
Buffer Overflow
• Technique to force execution of malicious code with unauthorized privileges
  – launch a command shell
  – search local disk or network for sensitive data
  – register with a command and control network as a zombie
• Can be applied both locally and remotely
• Attack technique is independent of machine architecture and operating system
• Can be tricky to execute, but extremely effective
Layout Of Stack
• Grows from high-end address to low-end address (a buffer inside a frame grows from low-end address to high-end address);
• Return Address: when a function returns, the instructions it points to will be executed;
• Stack frame pointer (esp): used to reference local variables and function parameters.
Layout of the Virtual Space of a Process
The layout of the virtual space of a process in Linux
Example

    #include <stdio.h>

    int cal(int a, int b)
    {
        int c;
        c = a + b;
        return c;
    }

    int main()
    {
        int d;
        d = cal(1, 2);
        printf("%d\n", d);
        return 0;
    }

Stack while cal() executes (low-end address at the top, high-end address at the bottom):

    low-end address
    esp ->  c
    ebp ->  previous ebp
            retaddr(0x0804822)
            a(1)
            b(2)
    high-end address
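The diagram above places cal()'s frame (its local c, the saved ebp and the return address) below main()'s frame, and the previous slide states that the stack grows toward lower addresses while a buffer fills toward higher ones. Those two facts together are why an overrun local buffer runs into the saved frame pointer and return address. The following C program is an added example, not part of the SecArmour deck, that checks both claims at run time by comparing the addresses of locals in a caller frame and a callee frame; all function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Each helper is marked noinline so the compiler really creates a new stack
   frame for it; otherwise the "callee" local could be merged into the caller. */
__attribute__((noinline)) static uintptr_t callee_local_addr(void)
{
    volatile int c = 0;            /* plays the role of cal()'s local c */
    return (uintptr_t)&c;
}

__attribute__((noinline)) static uintptr_t caller_local_addr(uintptr_t *callee)
{
    volatile int d = 0;            /* plays the role of main()'s local d */
    *callee = callee_local_addr(); /* deeper call, newer (lower) frame */
    return (uintptr_t)&d;
}

/* 1 if the callee's frame sits at a lower address than the caller's frame,
   i.e. the stack grows from the high-end toward the low-end address. */
int stack_grows_down(void)
{
    uintptr_t callee_addr;
    uintptr_t caller_addr = caller_local_addr(&callee_addr);
    return callee_addr < caller_addr;
}

/* 1 if successive elements of a local buffer sit at increasing addresses,
   i.e. a buffer fills from the low-end toward the high-end address, which is
   the direction of the saved frame pointer and return address above it. */
int buffer_grows_up(void)
{
    volatile char buf[16];
    buf[0] = 'a';
    buf[15] = 'z';
    return (uintptr_t)&buf[15] > (uintptr_t)&buf[0];
}

/* Distance in bytes between the caller's and callee's locals: the size of
   everything the call pushed (saved registers, return address, frame pointer). */
size_t frame_distance(void)
{
    uintptr_t callee_addr;
    uintptr_t caller_addr = caller_local_addr(&callee_addr);
    return (size_t)(caller_addr - callee_addr);
}

int main(void)
{
    printf("stack grows down : %d\n", stack_grows_down());
    printf("buffer grows up  : %d\n", buffer_grows_up());
    printf("frames are %zu bytes apart\n", frame_distance());
    return 0;
}
```

The exact distance printed depends on the compiler, optimisation level and ABI, so only its sign is checked; on x86 and ARM Linux builds the callee's frame is always the lower one. The deck labels the frame pointer "esp" on the previous slide, but its own diagram uses ebp for the saved frame pointer, which is the conventional x86 name; esp is the stack pointer that marks the current low end.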
Shell code
• Shellcode is defined as a set of instructions which is injected into and then executed by an exploited program;
• Shellcode is used to directly manipulate registers and the behaviour of a program;
• Most shellcode uses system calls to carry out its malicious behaviour;
• System calls are a set of functions which allow you to access operating-system-specific functions such as getting input, producing output, or exiting a process.
How to prevent stack buffer overflow?
• Stack Guard
• In a stack, a canary word is placed after the return address whenever a function is called;
• The canary is checked before the function returns. If the value of the canary has changed, this indicates malicious behaviour.

Unix stack frame with a canary (lower address at the top, higher address at the bottom):

    Lower address
    Local Variables
    Old Base Pointer
    Canary Value
    Return Address
    Arguments
    Higher address
Cont.
• Non-executable stack;
  – Return-to-libc exploitation is still possible
• Randomization.
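The Stack Guard slide says a canary word is written into the frame at call time and compared before the function returns, and the "Randomization" bullet is what makes that word hard to forge. The C program below is an added example, not code from the SecArmour deck, that models one frame laid out exactly as the deck's diagram shows (local buffer, old base pointer, canary, return address, from low to high address), performs an unchecked copy into the buffer and then runs the epilogue check. The struct, the constant canary value, the placeholder return address and all function names are constructed for the demonstration; the copy is clamped to the struct so the simulation stays inside one object and is well-defined C while still spilling into the fields above the buffer as a real overflow would.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed canary for the demonstration. A real Stack Guard / compiler
   canary is drawn randomly per process (the deck's "Randomization" point);
   a fixed value like this one could simply be written back by an attacker. */
#define CANARY_VALUE        0x0BADC0DEu
#define RETADDR_PLACEHOLDER 0x11111111u   /* stands in for a real return address */
#define BUF_LEN 8

/* One protected frame, low address first, in the order of the deck's diagram. */
struct frame {
    unsigned char buf[BUF_LEN];   /* local variables             (offset  0) */
    uint32_t saved_ebp;           /* old base pointer            (offset  8) */
    uint32_t canary;              /* canary value                (offset 12) */
    uint32_t saved_retaddr;       /* return address              (offset 16) */
};

enum guard_result { GUARD_OK = 0, GUARD_CANARY_SMASHED = 1 };

/* Unchecked copy into the local buffer, like strcpy() into a fixed-size
   array: `len` is trusted and may exceed BUF_LEN. Writes are clamped to the
   end of the struct so the overflow lands on saved_ebp, canary and
   saved_retaddr but never outside this object. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct frame, buf);
    size_t room = sizeof(*f) - offsetof(struct frame, buf);
    if (len > room) len = room;
    memcpy(dst, src, len);
}

/* The check Stack Guard inserts in the epilogue: compare the canary with the
   expected word before trusting the return address. */
enum guard_result epilogue_check(const struct frame *f)
{
    return f->canary == CANARY_VALUE ? GUARD_OK : GUARD_CANARY_SMASHED;
}

/* Set up a fresh frame and copy `input_len` bytes of constructed,
   attacker-controlled data ('A's) into its buffer. */
static void setup_and_copy(struct frame *f, size_t input_len)
{
    unsigned char input[64];
    memset(f, 0, sizeof *f);
    f->canary = CANARY_VALUE;
    f->saved_retaddr = RETADDR_PLACEHOLDER;
    memset(input, 'A', sizeof input);
    if (input_len > sizeof input) input_len = sizeof input;
    unchecked_copy(f, input, input_len);
}

/* What the epilogue check reports after a copy of `input_len` bytes. */
enum guard_result run_frame(size_t input_len)
{
    struct frame f;
    setup_and_copy(&f, input_len);
    return epilogue_check(&f);
}

/* 1 if the copy reached the saved return address. Because the canary sits
   between the buffer and that slot, any such write has smashed the canary
   first, so run_frame() reports it before the corrupted address is used. */
int retaddr_clobbered(size_t input_len)
{
    struct frame f;
    setup_and_copy(&f, input_len);
    return f.saved_retaddr != RETADDR_PLACEHOLDER;
}

int main(void)
{
    size_t lens[] = { 8, 12, 13, 16, 17, 20 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("copy %2zu bytes: canary %s, return address %s\n", lens[i],
               run_frame(lens[i]) == GUARD_OK ? "intact " : "SMASHED",
               retaddr_clobbered(lens[i]) ? "overwritten" : "untouched");
    return 0;
}
```

In the model, 12 bytes fill the buffer and the old base pointer without touching the canary, the 13th byte changes the canary, and the return address is not reached until the 17th byte, so the check fires before any return-address corruption can occur. A real compiler check (for example GCC's -fstack-protector) aborts the process on mismatch rather than returning a status, and because the canary is random per process the attacker cannot restore it by including the right bytes in the input. The deck's non-executable stack and randomization bullets address what the canary does not: a canary only detects a linear overwrite that passes through it, not an attacker who can already divert control flow to existing code.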
Buffer Overflow by SecArmour