SlideShare a Scribd company logo

Software(runtime) attacks

Download as PPT, PDF
Amir Neziri
Amir Neziri

The document discusses software attacks that can occur at runtime, including buffer overflows, return-oriented programming, and their potential uses and countermeasures. It provides an overview of common software attacks according to the OWASP Top 10 list and describes buffer overflow attacks and return-oriented programming attacks in detail through examples and diagrams. Potential targets of software attacks mentioned include internet applications, e-voting, banking, and TV decoders.

Spiritual
1 of 47
English for Computer Science II Software(Runtime) Attacks Amir Neziri & Jurlind Budurushi Source: [6]
Where do we use Software Attacks?(1) ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Overview - Software Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Where do we use Software Attacks?(2) ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Where do we use Software Attacks?(3) ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Where do we use Software Attacks?(4) ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Overview of Software(Runtime) Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Content ,[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
We present… ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
BO Vulnerabilities: Statistics ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
The Stack Frame 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
The Stack Frame (cntd.) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Vulnerable program ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
Buffer Overflow ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
(1) Program starts 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(2) The echo() function is called 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(3) Call instruction pushes return address onto the stack 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(4) Allocation of saved base pointer and buffer 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(5) echo() calls gets(buffer) function 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(6) Adversary transmits malicious code 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(7) Malicious code contains shellcode, pattern bytes, . . . 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(8) . . . , and a new return address 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(9) Before echo() returns to main, SP is updated 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
(10) echo() issues return resulting in execution of shellcode 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
BO - Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Architectures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
ROP – General idea ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
ROP ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
ROP – Waiting for input from user 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Attacker overflows the buffer 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Input contains ret-addresses and one argument 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – 1st sequence is executed 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – „ret“ instruction transfers control 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Transfers control from 2nd to 3rd instruction 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – POP argument from stack 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – „ret“ has been reached 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Transfers control from 3rd to 4th instruction 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Transfers control from 1st gadget to the 2nd 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP – Transfers control from 1st sequence to the 2nd 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
ROP - Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Live Demo & Discussion ,[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Questions??? 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi

Recommended

Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
RootedCON
 
Network Attacks
Network AttacksNetwork Attacks
Network Attacks
SecurityTube.Net
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
Estimation Techniques V1.0
Estimation Techniques V1.0Estimation Techniques V1.0
Estimation Techniques V1.0
Uday K Bhatt
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
Martin Děcký
 
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Danilo Pianini
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
iperfTZ: Understanding Network Bottlenecks for TrustZone-based ApplicationsiperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
LEGATO project
 

Recommended

Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
RootedCON
 
Network Attacks
Network AttacksNetwork Attacks
Network Attacks
SecurityTube.Net
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
Estimation Techniques V1.0
Estimation Techniques V1.0Estimation Techniques V1.0
Estimation Techniques V1.0
Uday K Bhatt
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
Martin Děcký
 
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Engineering the Aggregate - Talk at Software Engineering for Intelligent and ...
Danilo Pianini
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
iperfTZ: Understanding Network Bottlenecks for TrustZone-based ApplicationsiperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
iperfTZ: Understanding Network Bottlenecks for TrustZone-based Applications
LEGATO project
 
Deepthi ratnayake
Deepthi ratnayakeDeepthi ratnayake
Deepthi ratnayake
LondonMet PGR Students
 
Computational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and ChallengesComputational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and Challenges
Danilo Pianini
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx
jeremylockett77
 
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok PanwarPerformance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Ashok Panwar
 
2011/09/13 - Introduction
2011/09/13 - Introduction2011/09/13 - Introduction
2011/09/13 - Introduction
Fernando Brito e Abreu
 
Universal programmability how ai can help
Universal programmability how ai can helpUniversal programmability how ai can help
Universal programmability how ai can help
CS, NcState
 
Android device driver structure introduction
Android device driver structure introductionAndroid device driver structure introduction
Android device driver structure introduction
William Liang
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
Danilo Pianini
 
Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for Researchers
Fatemeh Khast Khoda
 
Security of Web Servers and Web Applications
Security of Web Servers and Web ApplicationsSecurity of Web Servers and Web Applications
Security of Web Servers and Web Applications
Amir Neziri
 
Delivering software - process and infrastructure
Delivering software - process and infrastructureDelivering software - process and infrastructure
Delivering software - process and infrastructure
Rune Sundling
 
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Danilo Pianini
 
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
bethtib
 
Ramadan algorithm
Ramadan algorithmRamadan algorithm
Ramadan algorithm
MahaElbasuony
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
ragibhasan
 
Open Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
Open Developer Platform: What Is It and Why Should I Care? Maurizio PillituOpen Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
Open Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
Symphony Software Foundation
 
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATION
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATIONMtech First progress PRESENTATION ON VIDEO SUMMARIZATION
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATION
NEERAJ BAGHEL
 
MichaelFoxResume20150616
MichaelFoxResume20150616MichaelFoxResume20150616
MichaelFoxResume20150616
Michael Fox
 
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
CODE BLUE
 
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Amir Neziri
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode Analyse
Amir Neziri
 
Privacy and identity management for everyone
Privacy and identity management for everyonePrivacy and identity management for everyone
Privacy and identity management for everyone
Amir Neziri
 

More Related Content

Similar to Software(runtime) attacks

Computational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and ChallengesComputational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and Challenges
Danilo Pianini
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx
jeremylockett77
 
Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for Researchers
Fatemeh Khast Khoda
 
Delivering software - process and infrastructure
Delivering software - process and infrastructureDelivering software - process and infrastructure
Delivering software - process and infrastructure
Rune Sundling
 
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Danilo Pianini
 
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
bethtib
 
MichaelFoxResume20150616
MichaelFoxResume20150616MichaelFoxResume20150616
MichaelFoxResume20150616
Michael Fox
 
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
CODE BLUE
 

Similar to Software(runtime) attacks (19)

Deepthi ratnayake
Deepthi ratnayakeDeepthi ratnayake
Deepthi ratnayake
 
Computational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and ChallengesComputational Fields meet Augmented Reality: Perspectives and Challenges
Computational Fields meet Augmented Reality: Perspectives and Challenges
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx
 
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok PanwarPerformance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
 
2011/09/13 - Introduction
2011/09/13 - Introduction2011/09/13 - Introduction
2011/09/13 - Introduction
 
Universal programmability how ai can help
Universal programmability how ai can helpUniversal programmability how ai can help
Universal programmability how ai can help
 
Android device driver structure introduction
Android device driver structure introductionAndroid device driver structure introduction
Android device driver structure introduction
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
 
Collaboration Portal for Researchers
Collaboration Portal for ResearchersCollaboration Portal for Researchers
Collaboration Portal for Researchers
 
Security of Web Servers and Web Applications
Security of Web Servers and Web ApplicationsSecurity of Web Servers and Web Applications
Security of Web Servers and Web Applications
 
Delivering software - process and infrastructure
Delivering software - process and infrastructureDelivering software - process and infrastructure
Delivering software - process and infrastructure
 
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
Protelis: Practical Aggregate Programming - Symposium on Applied Computing (S...
 
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
Make Me an Eclipse View (with less Plumbing): The PTP External Tools Framewor...
 
Ramadan algorithm
Ramadan algorithmRamadan algorithm
Ramadan algorithm
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
 
Open Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
Open Developer Platform: What Is It and Why Should I Care? Maurizio PillituOpen Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
Open Developer Platform: What Is It and Why Should I Care? Maurizio Pillitu
 
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATION
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATIONMtech First progress PRESENTATION ON VIDEO SUMMARIZATION
Mtech First progress PRESENTATION ON VIDEO SUMMARIZATION
 
MichaelFoxResume20150616
MichaelFoxResume20150616MichaelFoxResume20150616
MichaelFoxResume20150616
 
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...
 

More from Amir Neziri

Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Amir Neziri
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode Analyse
Amir Neziri
 
Privacy and identity management for everyone
Privacy and identity management for everyonePrivacy and identity management for everyone
Privacy and identity management for everyone
Amir Neziri
 
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Amir Neziri
 
Electronic credentials
Electronic credentialsElectronic credentials
Electronic credentials
Amir Neziri
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
Amir Neziri
 

More from Amir Neziri (6)

Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode Analyse
 
Privacy and identity management for everyone
Privacy and identity management for everyonePrivacy and identity management for everyone
Privacy and identity management for everyone
 
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
 
Electronic credentials
Electronic credentialsElectronic credentials
Electronic credentials
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 

Recently uploaded

Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
baharayali
 
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
jfrenchau
 
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
baharayali
 
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
baharayali
 
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
baharayali
 

Recently uploaded (20)

The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptxThe Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
 
Deerfoot Church of Christ Bulletin 6 2 24
Deerfoot Church of Christ Bulletin 6 2 24Deerfoot Church of Christ Bulletin 6 2 24
Deerfoot Church of Christ Bulletin 6 2 24
 
Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
Expert kala ilam, Black magic specialist in Germany and Kala ilam expert in I...
 
308 David Displeased the Lord 309 What Will it Take for God to Get Your Atten...
308 David Displeased the Lord 309 What Will it Take for God to Get Your Atten...308 David Displeased the Lord 309 What Will it Take for God to Get Your Atten...
308 David Displeased the Lord 309 What Will it Take for God to Get Your Atten...
 
The Story of 'Chin Kiam Siap' ~ An AI Generated Story ~ English & Chinese.pptx
The Story of 'Chin Kiam Siap' ~ An AI Generated Story ~ English & Chinese.pptxThe Story of 'Chin Kiam Siap' ~ An AI Generated Story ~ English & Chinese.pptx
The Story of 'Chin Kiam Siap' ~ An AI Generated Story ~ English & Chinese.pptx
 
English - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdfEnglish - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdf
 
The Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is hereThe Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is here
 
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
The Illuminated Republic: Understanding Adam Weishaupt through his own writin...
 
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
Expert kala ilam, Black magic specialist in Russia and Kala jadu expert in It...
 
English - The Book of Numbers the 4th Book of Moses.pdf
English - The Book of Numbers the 4th Book of Moses.pdfEnglish - The Book of Numbers the 4th Book of Moses.pdf
English - The Book of Numbers the 4th Book of Moses.pdf
 
Codex Singularity: Search for the Prisca Sapientia
Codex Singularity: Search for the Prisca SapientiaCodex Singularity: Search for the Prisca Sapientia
Codex Singularity: Search for the Prisca Sapientia
 
Evangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de PaulEvangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de Paul
 
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
Expert kala ilam, Kala ilam specialist in Spain and Kala jadu expert in Germa...
 
Breaking the Curse: Techniques for Successful Black Magic Removal
Breaking the Curse: Techniques for Successful Black Magic RemovalBreaking the Curse: Techniques for Successful Black Magic Removal
Breaking the Curse: Techniques for Successful Black Magic Removal
 
TALABALESHWARA TEMPLE AND KODAVA AIN MANE.pdf
TALABALESHWARA TEMPLE AND KODAVA AIN MANE.pdfTALABALESHWARA TEMPLE AND KODAVA AIN MANE.pdf
TALABALESHWARA TEMPLE AND KODAVA AIN MANE.pdf
 
Catechism_05_Blessed Trinity based on Compendium CCC.pptx
Catechism_05_Blessed Trinity based on Compendium CCC.pptxCatechism_05_Blessed Trinity based on Compendium CCC.pptx
Catechism_05_Blessed Trinity based on Compendium CCC.pptx
 
What Should be the Christian View of Anime?
What Should be the Christian View of Anime?What Should be the Christian View of Anime?
What Should be the Christian View of Anime?
 
The PBHP DYC ~ Reflections on The Dhamma (English).pptx
The PBHP DYC ~ Reflections on The Dhamma (English).pptxThe PBHP DYC ~ Reflections on The Dhamma (English).pptx
The PBHP DYC ~ Reflections on The Dhamma (English).pptx
 
7 Key Steps for Business Growth Strategist.pptx
7 Key Steps for Business Growth Strategist.pptx7 Key Steps for Business Growth Strategist.pptx
7 Key Steps for Business Growth Strategist.pptx
 
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
Expert kala ilam, Black magic specialist in Indonesia and Kala ilam expert in...
 

Software(runtime) attacks

  • 1. English for Computer Science II Software(Runtime) Attacks Amir Neziri & Jurlind Budurushi Source: [6]
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. The Stack Frame 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 12.
  • 13.
  • 14.
  • 15. (1) Program starts 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 16. (2) The echo() function is called 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 17. (3) Call instruction pushes return address onto the stack 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 18. (4) Allocation of saved base pointer and buffer 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 19. (5) echo() calls gets(buffer) function 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 20. (6) Adversary transmits malicious code 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 21. (7) Malicious code contains shellcode, pattern bytes, . . . 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 22. (8) . . . , and a new return address 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 23. (9) Before echo() returns to main, SP is updated 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 24. (10) echo() issues return resulting in execution of shellcode 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 25.
  • 26. ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 27. ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
  • 28. ROP – The Big Picture 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 29.
  • 30.
  • 31.
  • 32. ROP – Waiting for input from user 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 33. ROP – Attacker overflows the buffer 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 34. ROP – Input contains ret-addresses and one argument 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 35. ROP – 1st sequence is executed 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 36. ROP – „ret“ instruction transfers control 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 37. ROP – Transfers control from 2nd to 3rd instruction 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 38. ROP – POP argument from stack 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 39. ROP – „ret“ has been reached 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 40. ROP – Transfers control from 3rd to 4th instruction 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 41. ROP – Transfers control from 1st gadget to the 2nd 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 42. ROP – Transfers control from 1st sequence to the 2nd 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi Source: [6]
  • 43.
  • 44.
  • 45. Questions??? 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
  • 46. 5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
  • 47.

Editor's Notes

  1. 2/3/2011 | | Hello to everyone and welcome to our presentation. The topic of our presentation is “Software Attacks”
  2. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 2/3/2011 | |
  3. Stealing Votes with ROP: http://www.youtube.com/watch?v=lsfG3KPrD1I 2/3/2011 | |
  4. How many people do have a pay TV ???? 2/3/2011 | |
  5. Push elements onto the stack (SP is decremented) Pop elements o the stack (SP is incremented) 2/3/2011 | |
  6. Cann you see the problem ??? 2/3/2011 | |
  7. 2/3/2011 | |
  8. 2/3/2011 | |
  9. 2/3/2011 | |