SECURITY BEYOND COMPARE
Buffer Overflow
• Technique that forces a program to execute attacker-supplied code, with the privileges of the exploited process
– launch a command shell
– search the local disk or network for sensitive data
– register with a command-and-control network as a zombie
• Can be applied both locally and remotely
• The attack technique is independent of machine architecture and operating system; a working exploit (shellcode, addresses, calling convention) is specific to both
• Can be tricky to execute, but extremely effective
Layout Of Stack
• The stack grows from high addresses toward low addresses; a buffer on the stack is filled from its low address toward higher addresses, i.e. toward the saved frame pointer and return address of the frame that holds it
• Return Address: when a function returns, execution continues at the instructions it points to
• Stack pointer (esp): marks the current top of the stack; frame pointer (ebp): used to reference local variables (at negative offsets) and function parameters (at positive offsets)
Layout of the Virtual Space of a Process
(figure: the layout of the virtual space of a process in Linux)
Example

    #include <stdio.h>

    int cal(int a, int b)
    {
        int c;
        c = a + b;
        return c;
    }

    int main()
    {
        int d;
        d = cal(1, 2);
        printf("%d\n", d);
        return 0;
    }

Stack while cal() is running (32-bit x86; the low-end address is at the top, so the stack grows upward in this picture and buffer writes run downward):

    low-end address
    esp -> c
    ebp -> previous ebp
           retaddr (0x0804822)
           a (1)
           b (2)
    high-end address
Shell code
• Shellcode is a set of machine instructions that is injected into an exploited program and then executed by it;
• Shellcode directly manipulates registers and the control flow of the program;
• Most shellcode performs its malicious actions through system calls;
• System calls are the set of functions through which a process requests operating-system services such as reading input, producing output, executing a program, or exiting the process.
How to prevent stack buffer overflow?
• Stack Guard
• A canary word is placed in the stack frame immediately below the return address whenever a function is called (this is the original StackGuard placement shown in the diagram; GCC's stack protector puts the canary below the saved frame pointer as well, so that both are guarded);
• The canary is checked before the function returns. If its value has changed, a buffer in the frame has been overflowed, and the program aborts instead of returning through a corrupted address.

Unix Stack Frame with a canary (lower addresses at the top):

    Lower address
    Local Variables
    Old Base Pointer
    Canary Value
    Return Address
    Arguments
    Higher address
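To make the check concrete, the following added example (not code from the SecArmour deck, and not GCC's or glibc's implementation) models a guarded frame in C with the canary placed between the local buffer and the saved frame pointer, a prologue that plants it, an epilogue that compares it, and a strcpy()-style copy that runs off the end of the buffer. The canary is derived from a constant seed here; a real implementation takes it from the kernel's random bytes at process start. The seed, the buffer size and the frame-pointer and return-address constants are assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Lowest address first. The canary lies between the local buffer and the
 * control data (the stack-protector layout), so a copy that runs off the end
 * of buf must cross it before it can reach saved_fp or retaddr. */
struct guarded_frame {
    char      buf[BUF_SIZE];
    uintptr_t canary;
    uintptr_t saved_fp;
    uintptr_t retaddr;
};

/* Derive the per-process canary from a random seed. The lowest byte is
 * forced to zero (a "terminator" canary): a string copy that tries to carry
 * past the canary has to overwrite that zero byte, which changes the value. */
static uintptr_t canary_from_seed(uintptr_t seed)
{
    return seed & ~(uintptr_t)0xff;
}

/* Constant seed for this demonstration only; never do this in real code. */
#define DEMO_SEED ((uintptr_t)0x9c7e1b5du)

static int is_little_endian(void)
{
    unsigned x = 1;
    return *(unsigned char *)&x == 1;
}

/* Prologue: lay out a fresh frame and plant the canary. Control values are assumed. */
static void prologue(struct guarded_frame *f, uintptr_t canary)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary   = canary;
    f->saved_fp = (uintptr_t)0xbffff7d8u;
    f->retaddr  = (uintptr_t)0x08048420u;
}

/* Epilogue check: 0 if the canary is intact, -1 if it changed. The real
 * __stack_chk_fail() aborts the process at this point instead of returning. */
static int epilogue_check(const struct guarded_frame *f, uintptr_t canary)
{
    return f->canary == canary ? 0 : -1;
}

/* strcpy()-like copy with no bound; writes through a pointer to the whole
 * frame (buf is at offset 0) so the model stays inside the object. */
static void copy_unbounded(struct guarded_frame *f, const char *src)
{
    char  *dst = (char *)f;
    size_t i = 0;
    do {
        dst[i] = src[i];
    } while (src[i++] != '\0');
}

/* Copies n bytes of 'A' plus the terminating NUL into a fresh frame and
 * returns 1 if the epilogue detects the overflow, 0 if the check passes,
 * -1 if n does not even fit inside the model. */
static int overflow_detected(size_t n)
{
    struct guarded_frame f;
    char payload[sizeof f];
    uintptr_t canary = canary_from_seed(DEMO_SEED);

    if (n >= sizeof payload)
        return -1;
    memset(payload, 'A', n);
    payload[n] = '\0';

    prologue(&f, canary);
    copy_unbounded(&f, payload);
    return epilogue_check(&f, canary) != 0;
}

int main(void)
{
    size_t n;
    printf("canary = 0x%lx\n", (unsigned long)canary_from_seed(DEMO_SEED));
    for (n = BUF_SIZE - 1; n <= BUF_SIZE + 1; n++)
        printf("%2zu bytes + NUL: %s\n", n,
               overflow_detected(n) ? "canary changed, abort" : "canary intact, return");
    return 0;
}
```

Two things worth noticing when running it. An overflow of two or more bytes past the buffer is always caught. An overflow of exactly one byte, the NUL terminator landing on the first byte of the canary, is not caught on a little-endian machine, because that byte is the zero byte the terminator canary already carries; a canary detects linear overwrites of the control data, not every off-by-one. It also does nothing for writes that stay below the canary (for example a function pointer stored among the locals) or for non-sequential writes that skip over it.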
Cont.
• Non-executable stack: shellcode injected into a stack buffer cannot be executed;
• Return-to-libc exploitation might still occur, because the attacker reuses code that is already executable (for example, system() in libc) instead of injecting new code;
• Randomization (ASLR): the stack, library and heap addresses an exploit depends on change from run to run, so a guessed return address is unlikely to be right.
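Whether these two mitigations are actually in force for a process can be read from the kernel on Linux. The following added example (not code from the SecArmour deck) parses the [stack] line of a /proc/<pid>/maps listing for the execute permission and the value of /proc/sys/kernel/randomize_va_space. The parsing functions are exercised on constructed sample listings embedded below (not captured from a real system); main() additionally applies them to the running process when those files exist.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if the "[stack]" mapping in a maps listing carries the 'x'
 * permission, 0 if it does not, -1 if no stack line is present. A line looks like:
 *   7ffd1c9e2000-7ffd1ca03000 rw-p 00000000 00:00 0     [stack]
 * The permission field is the second one: r, w, x, then p (private) or s. */
static int stack_is_executable(const char *maps)
{
    const char *line = maps;
    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 7 && memcmp(line + len - 7, "[stack]", 7) == 0) {
            const char *perms = memchr(line, ' ', len);
            if (perms == NULL || (size_t)(perms - line) + 4 > len)
                return -1;                 /* malformed line */
            return perms[3] == 'x';        /* perms[1]=r perms[2]=w perms[3]=x */
        }
        if (eol == NULL)
            break;
        line = eol + 1;
    }
    return -1;
}

/* /proc/sys/kernel/randomize_va_space: 0 = ASLR off, 1 = stack, mmap base,
 * vDSO and shared libraries randomized, 2 = heap (brk) randomized as well.
 * Returns the level, or -1 if the text is not one of those digits. */
static int aslr_level(const char *text)
{
    if (text[0] < '0' || text[0] > '2')
        return -1;
    if (text[1] != '\0' && text[1] != '\n')
        return -1;
    return text[0] - '0';
}

/* Constructed sample listings (not captured from a real system). */
static const char SAMPLE_MAPS_NX[] =
    "56214b6e6000-56214b6e7000 r-xp 00001000 fd:01 1234    /usr/bin/demo\n"
    "7f3a4c000000-7f3a4c1c0000 r-xp 00026000 fd:01 5678    /usr/lib/libc.so.6\n"
    "7ffd1c9e2000-7ffd1ca03000 rw-p 00000000 00:00 0       [stack]\n";

static const char SAMPLE_MAPS_EXEC[] =
    "08048000-08049000 r-xp 00000000 08:01 4321    /usr/bin/demo\n"
    "bffeb000-c0000000 rwxp 00000000 00:00 0       [stack]\n";

/* Reads a file into buf (NUL-terminated); returns the byte count or -1. */
static long read_small_file(const char *path, char *buf, size_t size)
{
    FILE *fp = fopen(path, "r");
    size_t n;
    if (fp == NULL)
        return -1;
    n = fread(buf, 1, size - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    return (long)n;
}

int main(void)
{
    static char maps[1 << 20];
    char level[8];

    printf("constructed NX listing:  stack executable = %d\n",
           stack_is_executable(SAMPLE_MAPS_NX));
    printf("constructed RWX listing: stack executable = %d\n",
           stack_is_executable(SAMPLE_MAPS_EXEC));

    /* Live check; these files exist only on Linux. */
    if (read_small_file("/proc/self/maps", maps, sizeof maps) >= 0)
        printf("this process:            stack executable = %d\n",
               stack_is_executable(maps));
    if (read_small_file("/proc/sys/kernel/randomize_va_space", level, sizeof level) >= 0)
        printf("randomize_va_space = %d\n", aslr_level(level));
    return 0;
}
```

An executable stack normally means the binary (or one of its libraries) was linked with an executable PT_GNU_STACK segment, which is what a practitioner checks next; a randomize_va_space of 0 means the stack and library addresses are the same on every run and the randomization slide's defence is absent.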
 Buffer Overflow by SecArmour