Mehdi Esmaeilpour, profile picture
Uploaded byMehdi Esmaeilpour
ODP, PPTX197 views

Simple Buffer overflow

The document discusses buffer overflow bugs and provides a simple example of exploiting one. It begins with defining key terms like vulnerability, exploit, patch, and zero-day exploit. It then explains what a buffer overflow is - when a program writing data to a buffer overruns its boundary and overwrites adjacent memory locations. The document demonstrates a real-world example program that causes a crash due to a buffer overflow and how that overflow could be exploited. It concludes with some useful resources for further information.

Software
Related topics:
Software Security

Embed presentation

Download as ODP, PPTX
Buffer Overflow Bugs And Simple Example of Exploiting Mehdi Esmaeilpour University of Applied Science and Technology
2 Contents ● Some Keywords ● Memory Space ● Simple Example of Buffer Overflow Bug ● Simple Example of BOF Exploits ● Useful Resources
3 Some Keywords ● Bug or Vulnerability ● Exploit ● Patch ● 0day Exploit (zero day exploit) ● Buffer Overflow
4 Bug or Vulnerability ● A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application
5 Exploit ● An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.
6 Patch ● A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it.This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving the usability or performance.
7 0day Exploit or Bug ● A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network
8 Buffer Overflow ● In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
9 Real World Example of Overflow
10 Example program + crash LIVE
11 Exploiting LIV E
12 Memory Space – Layout of C Program Stack => LIFO %EIP %ESP %EBP common registers
13 Resources ● https://www.corelan.be ● https://www.exploit-db.com ● http://shell-storm.org/shellcode ● http://www.securitytube-training.com ● https://google.com

More Related Content

PDF
Fuzzing with Go-Fuzz
byjnewmano
 
PPTX
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
byEC-Council
 
PDF
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
bySam Bowne
 
PDF
CNIT 126: 8: Debugging
bySam Bowne
 
PPT
Python for pentesters
byRashid feroz
 
PDF
Practical Malware Analysis: Ch 15: Anti-Disassembly
bySam Bowne
 
PPTX
Concepts of Malicious Windows Programs
byNatraj G
 
PDF
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 
Fuzzing with Go-Fuzz
byjnewmano
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
byEC-Council
 
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
bySam Bowne
 
CNIT 126: 8: Debugging
bySam Bowne
 
Python for pentesters
byRashid feroz
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
bySam Bowne
 
Concepts of Malicious Windows Programs
byNatraj G
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
bySam Bowne
 

What's hot

PDF
Practical Malware Analysis: Ch 9: OllyDbg
bySam Bowne
 
PDF
CNIT 126 8: Debugging
bySam Bowne
 
PPTX
OpenMetrics: What Does It Mean for You (PromCon 2019, Munich)
byBrian Brazil
 
PPTX
Shamsa altayer
byshamsaot
 
PPTX
Linux binary analysis and exploitation
byDharmalingam Ganesan
 
PDF
National software testing conference 2016 fergal hynes
byFergal Hynes
 
PPTX
Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...
bySam Bowne
 
PDF
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
PPT
Fuzzing 101 Webinar on Zero Day Management
byCodenomicon
 
PPTX
Static Code Analysis
byGeneva, Switzerland
 
PPTX
Debugging with Fiddler
byIdo Flatow
 
PDF
Tricorder: Diagnose and heal your software (without science fiction)
byDavide Tampellini
 
PPTX
Reverse engineering with python
byn|u - The Open Security Community
 
PDF
CNIT 129S Ch 9: Attacking Data Stores (Part 2 of 2)
bySam Bowne
 
Practical Malware Analysis: Ch 9: OllyDbg
bySam Bowne
 
CNIT 126 8: Debugging
bySam Bowne
 
OpenMetrics: What Does It Mean for You (PromCon 2019, Munich)
byBrian Brazil
 
Shamsa altayer
byshamsaot
 
Linux binary analysis and exploitation
byDharmalingam Ganesan
 
National software testing conference 2016 fergal hynes
byFergal Hynes
 
Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...
bySam Bowne
 
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
Fuzzing 101 Webinar on Zero Day Management
byCodenomicon
 
Static Code Analysis
byGeneva, Switzerland
 
Debugging with Fiddler
byIdo Flatow
 
Tricorder: Diagnose and heal your software (without science fiction)
byDavide Tampellini
 
Reverse engineering with python
byn|u - The Open Security Community
 
CNIT 129S Ch 9: Attacking Data Stores (Part 2 of 2)
bySam Bowne
 

Similar to Simple Buffer overflow

PPSX
Ids 008 buffer overflow
byjyoti_lakhani
 
PPTX
Buffer overflow attack
byKrish
 
PPTX
Buffer overflow
byAbu Juha Ahmed Muid
 
PDF
Advanced Arm Exploitation
byHimanshu Khokhar Jaat
 
PDF
Buffer OverFlow Exploit
bySuresh Krishna
 
PDF
What is Remote Buffer Overflow Attack.pdf
byuzair
 
PDF
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
byDr. Ramchandra Mangrulkar
 
PPTX
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
DOCX
1Buttercup On Network-based Detection of Polymorphic B.docx
byaryan532920
 
PPTX
Buffer overflow attacks
byKapil Nagrale
 
PPTX
Golf teamlearnerlecture
bykairistiona
 
PPTX
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
PDF
An automated approach to fix buffer overflows
byIJECEIAES
 
PDF
Module 20 (buffer overflows)
byWail Hassan
 
PPTX
Exploitation techniques and fuzzing
byPrachi Gulihar
 
PDF
What is a buffer overflow Briefly explain this vulnerability.Briefly .pdf
byfashiodofashion
 
PPTX
Buffer overflow attacks
byJoe McCarthy
 
PPTX
In-the-Wild 0-day Exploits Maddie Stone (@maddiestone) Google Project Zero
byidanbanani1
 
PPTX
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
byahmed8790
 
PDF
Advanced Windows Exploitation
byUTD Computer Security Group
 
Ids 008 buffer overflow
byjyoti_lakhani
 
Buffer overflow attack
byKrish
 
Buffer overflow
byAbu Juha Ahmed Muid
 
Advanced Arm Exploitation
byHimanshu Khokhar Jaat
 
Buffer OverFlow Exploit
bySuresh Krishna
 
What is Remote Buffer Overflow Attack.pdf
byuzair
 
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
byDr. Ramchandra Mangrulkar
 
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
1Buttercup On Network-based Detection of Polymorphic B.docx
byaryan532920
 
Buffer overflow attacks
byKapil Nagrale
 
Golf teamlearnerlecture
bykairistiona
 
Reversing malware analysis training part10 exploit development basics
byCysinfo Cyber Security Community
 
An automated approach to fix buffer overflows
byIJECEIAES
 
Module 20 (buffer overflows)
byWail Hassan
 
Exploitation techniques and fuzzing
byPrachi Gulihar
 
What is a buffer overflow Briefly explain this vulnerability.Briefly .pdf
byfashiodofashion
 
Buffer overflow attacks
byJoe McCarthy
 
In-the-Wild 0-day Exploits Maddie Stone (@maddiestone) Google Project Zero
byidanbanani1
 
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
byahmed8790
 
Advanced Windows Exploitation
byUTD Computer Security Group
 

Recently uploaded

PDF
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
PDF
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
PDF
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
PDF
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PDF
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PDF
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PPTX
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
PDF
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 

Simple Buffer overflow

  • 1.
    Buffer Overflow Bugs AndSimple Example of Exploiting Mehdi Esmaeilpour University of Applied Science and Technology
  • 2.
    2 Contents ● Some Keywords ●Memory Space ● Simple Example of Buffer Overflow Bug ● Simple Example of BOF Exploits ● Useful Resources
  • 3.
    3 Some Keywords ● Bugor Vulnerability ● Exploit ● Patch ● 0day Exploit (zero day exploit) ● Buffer Overflow
  • 4.
    4 Bug or Vulnerability ●A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application
  • 5.
    5 Exploit ● An exploitis a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.
  • 6.
    6 Patch ● A patchis a piece of software designed to update a computer program or its supporting data, to fix or improve it.This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving the usability or performance.
  • 7.
    7 0day Exploit orBug ● A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network
  • 8.
    8 Buffer Overflow ● Incomputer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
  • 9.
  • 10.
  • 11.
  • 12.
    12 Memory Space –Layout of C Program Stack => LIFO %EIP %ESP %EBP common registers
  • 13.
    13 Resources ● https://www.corelan.be ● https://www.exploit-db.com ●http://shell-storm.org/shellcode ● http://www.securitytube-training.com ● https://google.com