PPT-Anatomy of attacks Buffer Overflow attacks

amp Rootkits Warning Do not use hacking tools unless you are sure you have sysadmins permission Company policy firedsuspended Illegal Go to Jail Honor Code Just because you have a set of masterkeys does NOT give you permission to drive anyones car. 8 attacks PINblock formats Attacking PAN with translationverification functions Attacking PIN translation functions Collision attack Conclusion brPage 3br Basic terminology Hardware Security Module HSM Example IBM 4758 depicted below Host device Appl . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . hijacking application control flow. This lecture: three examples.. Buffer overflow attacks. 16. Buffer Overflow. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. http://en.wikipedia.org/wiki/Stack_buffer_overflow. What is a stack buffer overflow?. Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer. Exploiting Software. Exploiting Software . The exploitation of software is one of the main ways that a users computer can be broken into. . It involves exploiting the software running on the users computer to do something that was not intended by the developer. . The Stakes Have Changed. . Have You?. November 17, 2016. Today’s Speakers. Sean Pike. Program Vice President, Security Products, IDC. Tom Bienkowski. Director, Product Marketing, Arbor Networks. Kevin Whalen. What is an Exploit?. An . exploit. . is any . input. (i.e., a piece of software, an argument string, or sequence of commands) that takes advantage of a bug, glitch or vulnerability in order to cause an attack. Chih. Hung Wang. Reference:. 1. B. Chess and J. West, Secure Programming with Static Analysis, Addison-Wesley, 2007.. 2. R. C. . Seacord. , Secure Coding in C and C , Addison-Wesley, 2006.. 1. Introduction (1). modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and applications. modified from slides of . Lawrie. Brown. Buffer Overflow. a very common attack mechanism. first wide use by the Morris Worm in 1988. prevention techniques known. still of major concern. legacy of buggy code in widely deployed operating systems and . Compile time vs Run time main( argc , argv , envp ) int argc ; char ** argv ; char ** envp ; { int i ; char *name, buf [32]; name = getname (); printf ("your name is %s\n", name); Network Security Fundamentals 2. Zero day attacks. “zero day”. Web application attacks. Signing up for a class. Hardening the web server. Enhancing the security. May not prevent against web attacks. Dan Fleck. CS469 Security Engineering. Reference: . http://. www.thegeekstuff.com. /2013/06/buffer-overflow/ . Coming up: Buffer Overflows. 1. 1. Buffer Overflows. Buffer overflows occur when some sized portion of memory is overwritten with something bigger..