Reverse Engineering for exploit writers

•

4 recomendaciones•2,268 vistas

amiable_indian

Tecnología Deportes

Nibin Varghese iViZ Security, Kolkata Reverse Engineering for Exploit Writers

Agenda ,[object Object],[object Object],[object Object]

Exploitation Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Reverse Engineering Tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

MS08-067 ,[object Object],[object Object],[object Object],[object Object]

Structure of X86 stack frame Stack grows towards lower addresses Local Variables Saved EBP Saved IP Arguments

Classical Overflow Return address overwritten with address of shellcode Local Variables Saved EBP Saved IP Arguments

Reverse engineering the patch ,[object Object]

The Bug ,[object Object],[object Object]

The Bug(contd..) ptr_path computername....AAAAAAAAAAAAAAAAAAAAAAAAA ptr_previous_slash ptr_current_slash ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],..AAAAAAAAAAAAAAAAAAAAAAAAA Lower Address Higher Address

path Return Address of vulnerable_function Saved EBP Netapi32!NetpwPathCanonicalize vulnerable_function( wchar *path ) wcscpy(dst,src) Return Address of wcscpy Saved EBP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],..AAAAAA ..AAAAAAAAAAA (ptr1 – 1) ptr2 ptr1 ptr_path c.... AAAAAAAAAAA AAAA AAAA AAAA Shell Code

The Bug (contd..) ,[object Object],[object Object],[object Object]

Ready for PoC ,[object Object],[object Object],[object Object],[object Object],[object Object]

Mass Exploitation ,[object Object],[object Object],[object Object],[object Object]

Thank You ,[object Object],[object Object],[object Object]

Más contenido relacionado

Similar a Reverse Engineering for exploit writers

Exploitation Crash CourseUTD Computer Security Group

Apache Spark Structured Streaming + Apache Kafka = ♡Bartosz Konieczny

JavaScript on the GPUJarred Nicholls

Driver Debugging BasicsBala Subra

NOSQL and Cassandrarantav

AvroEric Turcotte

Software SecurityRoman Oliynykov

Riding the Overflow - Then and NowMiroslav Stampar

AllBits presentation - Lower Level SW SecurityAllBits BVBA (freelancer)

Genomic Analysis in ScalaRyan Williams

Search for Vulnerabilities Using Static Code AnalysisAndrey Karpov

Choosing a Templating SystemPerrin Harkins

How to use Parquet as a Sasis for ETL and AnalyticsDataWorks Summit

Buffer OverflowsSumit Kumar

.NET Fest 2018. Maarten Balliauw. Let’s refresh our memory! Memory management...NETFest

Dive into exploit developmentPayampardaz

Self-Aligning Return Address Stack Power PointRisingStar52

Scalable up genomic analysis with ADAMfnothaft

Keeping Spark on Track: Productionizing Spark for ETLDatabricks

Spark r under the hood with Hossein FalakiDatabricks

Similar a Reverse Engineering for exploit writers (20)

Exploitation Crash Course

Apache Spark Structured Streaming + Apache Kafka = ♡

JavaScript on the GPU

Driver Debugging Basics

NOSQL and Cassandra

Avro

Software Security

Riding the Overflow - Then and Now

AllBits presentation - Lower Level SW Security

Genomic Analysis in Scala

Search for Vulnerabilities Using Static Code Analysis

Choosing a Templating System

How to use Parquet as a Sasis for ETL and Analytics

Buffer Overflows

.NET Fest 2018. Maarten Balliauw. Let’s refresh our memory! Memory management...

Dive into exploit development

Self-Aligning Return Address Stack Power Point

Scalable up genomic analysis with ADAM

Keeping Spark on Track: Productionizing Spark for ETL

Spark r under the hood with Hossein Falaki

Más de amiable_indian

Phishing As Tragedy of the Commonsamiable_indian

Cisco IOS Attack & Defense - The State of the Art amiable_indian

Secrets of Top Pentestersamiable_indian

Workshop on Wireless Securityamiable_indian

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...amiable_indian

Workshop on BackTrack live CDamiable_indian

State of Cyber Law in Indiaamiable_indian

AntiSpam - Understanding the good, the bad and the uglyamiable_indian

Reverse Engineering v/s Secure Codingamiable_indian

Network Vulnerability Assessments: Lessons Learnedamiable_indian

Economic offenses through Credit Card Frauds Dissectedamiable_indian

Immune IT: Moving from Security to Immunityamiable_indian

Reverse Engineering for exploit writersamiable_indian

Hacking Client Side Insecuritiesamiable_indian

Web Exploit Finder Presentationamiable_indian

Network Security Data Visualizationamiable_indian

Enhancing Computer Security via End-to-End Communication Visualization amiable_indian

Top Network Vulnerabilities Over Timeamiable_indian

What are the Business Security Metrics? amiable_indian

No Substitute for Ongoing Data, Quantification, Visualization, and Story-Tellingamiable_indian

Más de amiable_indian (20)

Phishing As Tragedy of the Commons

Cisco IOS Attack & Defense - The State of the Art

Secrets of Top Pentesters

Workshop on Wireless Security

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...

Workshop on BackTrack live CD

State of Cyber Law in India

AntiSpam - Understanding the good, the bad and the ugly

Reverse Engineering v/s Secure Coding

Network Vulnerability Assessments: Lessons Learned

Economic offenses through Credit Card Frauds Dissected

Immune IT: Moving from Security to Immunity

Reverse Engineering for exploit writers

Hacking Client Side Insecurities

Web Exploit Finder Presentation

Network Security Data Visualization

Enhancing Computer Security via End-to-End Communication Visualization

Top Network Vulnerabilities Over Time

What are the Business Security Metrics?

No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling

Último

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett

Advanced Computer Architecture – An IntroductionDilum Bandara

Take control of your SAP testing with UiPath Test SuiteDianaGray10

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

From Family Reminiscence to Scholarly Archive .Alan Dix

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays

TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity

How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe

DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada

Training state-of-the-art general text embeddingZilliz

What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina

Time Series Foundation Models - current state and future directionsNathaniel Shimoni