PPT-Control Hijacking Basic Control Hijacking Attacks

Control hijacking attacks Attackers goal Take over target machine eg web server Execute arbitrary code on target by hijacking application control flow Examples Buffer overflow and integer overflow attacks. vulnerable to hijacking attempts. Hijackers may target these vehicles not for the cargo they contain, but for perpetrating various types of terrorist activities. These vehicles may be targeted beca What Your Company Can Do Personnel Checks 1. Require all personnel, including vendors, contractors, maintenance and clerical personnel who have access to cargo areas provide a detailed employment app Sponsored by INTRODUCTIONThe continued growth of the Internet and online advertising has created an appealing medium through which fraudsters distribute malware and perpetrate a wide range of maliciou (65 of 1982) THE ANTI-HIJACKING ACT, 1982TABLEOFCONTENTSSECTIONSPAGES1.Short titles, extent, application and commencement....1302.Definitions..........1303.High Jacking.........1304.Punishment for Hig . Attacker’s goal. :. Take over target machine (e.g. web server). Execute arbitrary code on target by . hijacking application control flow. This lecture: three examples.. Buffer overflow attacks. Iranian Hostage Crisis. 1979-1981. US Embassy Bombing in Beirut. 1983. Caskets of 17 Americans lost in Beirut. Before. After. Marine Barracks Bombing. 1983. Kidnapping of CIA Chief William Buckley. 1984. Author: Neelay S. Shah Senior Software Security Consultant Foundstone Professional Services Rudolph Araujo Technical Director Foundstone Professional Services 2 www.foundstone.com | 1.877.91.FOUND So DO'S Always travel with the car doors locked. Keep all windows closed or, at most, not open more than would allow a hand to fit through. Leave enough room between your car and the one in front to avo Tongqing Qiu. +. , . Lusheng. . Ji. *. , Dan Pei. *. Jia. Wang. *. , Jun (Jim) . Xu. +. , Hitesh . Ballani. ++. + College of Computing, Georgia Tech. * AT&T Lab – Research. ++ Department of Computer Science, Cornell University . . Zhiqi Zhang , Baochen Lu , Peng . L. iao , Chaoge Liu , Xiang Cui . - . Computer . Science and Automation Engineering (CSAE), 2011 IEEE . International Conference . Speaker : Yi-Ting Tsai. Date : 102.11.7. Aviv Zohar. School Computer Science and Engineering. The Hebrew University of Jerusalem . Based on joint work with . Maria . Apostolaki. and . Laurent . Vanbever. Blue: 2. Red: 1. Digital Payments. Recap: control hijacking attacks. Stack smashing. : overwrite return address or function pointer. Heap spraying. : reliably exploit a heap overflow. Use after free. : attacker writes to freed control structure, . Aviv Zohar. School Computer Science and Engineering. The Hebrew University of Jerusalem . Based on joint work with . Maria . Apostolaki. and . Laurent . Vanbever. Blue: 2. Red: 1. Digital Payments. Roger Grimes. Data-Driven Defense Evangelist, KnowBe4, Inc.. rogerg@knowbe4.com. Roger A. Grimes. Data-Driven Defense Evangelist. KnowBe4, Inc.. 30-years plus in computer security. Expertise in host and network security, .