PPT-Secure Programming 6. Buffer Overflow (Strings and Integers) Part 1

Chih Hung Wang Reference 1 B Chess and J West Secure Programming with Static Analysis AddisonWesley 2007 2 R C Seacord Secure Coding in C and C AddisonWesley 2006 1 Introduction 1. . Chapter 10 Malicious software. Part B. Index. Social Engineering. Malware Payload. Countermeasures of malware. DDoS. Buffer overflow. Social Engineering. Tricking user to assist in the comprise of their own systems or personal information. Buffer Overflow. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. http://en.wikipedia.org/wiki/Stack_buffer_overflow. What is a stack buffer overflow?. Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer. 15-213: Introduction to Computer Systems. Recitation 6, Oct 1, 2012. Alexander Malyshev (amalyshe). Section A, 10:30a – 11:20p, WeH 4623. Agenda. Buffer overflow. Writing a C program. Makefiles. Revision Control. CS 465. Slides by Kent Seamons and Tim van . der. Horst. Last Updated: . Nov 11, 2011. Buffer Overflow. The most common security vulnerability. Root cause. Unsafe programming languages. What areas of process memory are vulnerable to a buffer overflow?. Gabe Kanzelmeyer. CS 450. 4/14/10. Overview. What is buffer overflow?. How memory is processed and the stack. The threat. Stack overrun attack. Dangers. Prevention. What is buffer overflow?. A buffer (array/string) that holds data. Serious Note. Try a web search for “buffer overflow exploit”.. Check alt.2600, rootshell.com, antionline.com – you can find long lists of . exploits. based on buffer overflow.. Even the original version of . Dr. X. Metasploitable. Not everything is what it looks like. …. You opened a reverse shell with root priviledges. B. ut did you?. Metasploitable. There was a bug. You were root back on the kali VM not the . Soup – . er. mathematics. Adding integers. Option 1 . (SAME SIGN). . Add and take the sign of the bigger number.. Option 2. (DIFFERENT SIGNS). . Subtract and take the sign of the bigger number. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. Stack. in the higher parts of memory. Grows down. Used when a . function is called. Data Area. Global variables . not . inizialited. . to zero. BSS [. Block. . Started. by Symbol. ]. Segment. Global variables . Secure . Programming:. Buffer Overflow. Dr. Shahriar . Bijani. Shahed. University. Fall 2016. Slides’ . References. Avinash. . Kak. , . Buffer Overflow Attack. , Computer . & Network Security, Purdue University, . Recitation 6, Oct 1, 2012. Alexander Malyshev (amalyshe). Section A, 10:30a – 11:20p, WeH 4623. Agenda. Buffer overflow. Writing a C program. Makefiles. Revision Control. Buffer Overflow. We have .