PPT-Stack buffer overflow

Stack frame layout include lt stringh gt void foo char bar char c12 strcpy c bar no bound int main int argc char argv foo argv. . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . hijacking application control flow. This lecture: three examples.. Buffer overflow attacks. . Chapter 10 Malicious software. Part B. Index. Social Engineering. Malware Payload. Countermeasures of malware. DDoS. Buffer overflow. Social Engineering. Tricking user to assist in the comprise of their own systems or personal information. (based on Ch. 10 and 11 . of Stallings and Brown) . Last time: Buffer Overflows. a very common attack mechanism. first widely used by the Morris . Worm. in 1988. still . of major . concern. legacy of buggy code in widely deployed operating systems and applications. CS 465. Slides by Kent Seamons and Tim van . der. Horst. Last Updated: . Nov 11, 2011. Buffer Overflow. The most common security vulnerability. Root cause. Unsafe programming languages. What areas of process memory are vulnerable to a buffer overflow?. What is an Exploit?. An . exploit. . is any . input. (i.e., a piece of software, an argument string, or sequence of commands) that takes advantage of a bug, glitch or vulnerability in order to cause an attack. (based on Ch. 10 and 11 . of Stallings and Brown) . Last time: Buffer Overflows. a very common attack mechanism. first widely used by the Morris . Worm. in 1988. still . of major . concern. legacy of buggy code in widely deployed operating systems and applications. Basic . Memory Corruption. . Attacks. Original slides were created by Prof. Dan . Boneh. Memory corruption attacks. . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . Memory Corruption . Attacks. Original slides were created by Prof. Dan . Boneh. Memory corruption attacks. . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . Chih. Hung Wang. Reference:. 1. B. Chess and J. West, Secure Programming with Static Analysis, Addison-Wesley, 2007.. 2. R. C. . Seacord. , Secure Coding in C and C , Addison-Wesley, 2006.. 1. Introduction (1). modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and . Compile time vs Run time main( argc , argv , envp ) int argc ; char ** argv ; char ** envp ; { int i ; char *name, buf [32]; name = getname (); printf ("your name is %s\n", name); Secure . Programming:. Buffer Overflow. Dr. Shahriar . Bijani. Shahed. University. Fall 2016. Slides’ . References. Avinash. . Kak. , . Buffer Overflow Attack. , Computer . & Network Security, Purdue University, . Dan Fleck. CS469 Security Engineering. Reference: . http://. www.thegeekstuff.com. /2013/06/buffer-overflow/ . Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger..