Network Security: Buffer Overflow Attacks
Joe McCarthy
Today’s Agenda
- What is Network Security?
- Why should you care?
- What is a network security attack?
- What is a buffer overflow attack?
- Where can you learn more?
All in 30 minutes …
What is Network Security?
Computer Security: “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
- FIPS PUB 199, February 2004: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
- Network Security Essentials, 4/E, William Stallings, Prentice Hall, 2011
Why study Network Security?
- Multi-disciplinary: computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, …
- New way of thinking: the security mindset, preventing undesirable behavior vs. enabling desirable behavior
- Personal relevance: keeping your personal data & devices safe
- Professional relevance
TCSS 431: Network Security
- Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Ed Skoudis & Tom Liston, Prentice Hall, 2006
- Network Security: Private Communication in a Public World, 2/E, Charlie Kaufman, Radia Perlman & Mike Speciner, Prentice Hall, 2002
Today’s Agenda (chapters of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Skoudis & Liston, Prentice Hall, 2006)
1. Introduction
2. Networking Overview
3. Linux and UNIX Overview
4. Windows NT/2000/XP/2003 Overview
5. Phase 1: Reconnaissance
6. Phase 2: Scanning
7. Phase 3: Gaining Access Using Application & OS Attacks
   - Script Kiddie Exploit Trolling
   - Pragmatism for More Sophisticated Attackers
   - Buffer Overflow Exploits
   - Password Attacks
   - Web Application Attacks
   - Exploiting Browser Flaws
8. Phase 4: Gaining Access Using Network Attacks
9. Phase 4: Denial-of-Service Attacks
10. Phase 4: Maintaining Access: Trojans, Backdoors & Rootkits
11. Phase 5: Covering Tracks & Hiding
12. Putting It All Together: Anatomy of an Attack
13. The Future, References & Conclusions
Anatomy of an Attack
- Reconnaissance (“casing the joint”): discovery of physical & online sensitive information; names, contact info (phone, email), IP addresses; social engineering, dumpster diving, Google
- Scanning (“trying doorknobs & windows”): search for openings, network topology, OS type(s); wireless access points, TCP ports, routers, gateways; inventory of target system & possible vulnerabilities
- Gaining access (“breaking in”): application & OS attacks (Chapter 7); stack-based & heap-based buffer overflow attacks
Brief review of Main Memory
[Figure: user view of memory (code, data, heap and stack segments) beside the logical memory space]
A program is a collection of segments such as:
- main program
- procedure
- function
- global variables
- common block
- stack
- symbol table
Source: http://courses.washington.edu/css430/ppt/Memory.ppt
Stack-based Buffer Overflow Attacks
C library functions considered harmful
- Frank Rubin (March 1987), Communications of the ACM 30 (3): 195–196
- Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr (May 1987), Communications of the ACM 30 (5): 351–355
- http://en.wikipedia.org/wiki/Considered_harmful
Finding stack-based buffer overflow vulnerabilities
- Examine the source code (if available)
- Use a debugger on the executable to find exploitable library calls
- Apply brute force: inundate the application with input data, then examine the stack traces after crashes
But what would you input … & what would you look for?
Sample program

    #include <stdio.h>

    void f(void) {
        char s[9];                                   /* 9-byte buffer: room for 8 characters plus the terminating NUL */
        printf( "_________12345678901234567890" );   /* ruler printed above the prompt: it numbers the input positions; from the 9th character on the input no longer fits in s */
        printf( "Enter s: " );
        gets( s );                                   /* gets() has no length bound: everything beyond the buffer is written past the end of s, into the rest of the stack frame */
        printf( "You entered: %s", s );
        return;
    }

    int main(void) {
        f();
        return 0;
    }
Running the program
Running the program: 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F” (the byte values reported when the program crashes are the ASCII codes of the input characters that were written past the end of s)
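The deck shows the crash that gets() causes on the 9-byte buffer and stops there. The C program below is an added example, not code from the deck or its author: it keeps the same 9-byte buffer and replaces gets() with a bounded fgets()-based reader that always NUL-terminates, discards the excess input and reports that the line was longer than the buffer, so an overlong input becomes an observable error instead of a write past the end of s. The names read_line_bounded, read_from_string and S_SIZE are chosen here, the inputs are constructed for the demonstration, and tmpfile() is used only so the reader can be driven from a string in place of stdin.

```c
/* Added example (not from the original deck): the slide's f() with gets()
 * replaced by a bounded reader that detects overlong input. */
#include <stdio.h>
#include <string.h>

#define S_SIZE 9   /* same 9-byte buffer as the slide's char s[9] */

/* Bounded replacement for gets(): reads at most size-1 bytes into s and
 * always NUL-terminates. The remainder of an overlong line is discarded so
 * the caller never sees (or stores) the bytes that gets() would have written
 * past the end of the buffer.
 * Returns 0 = line fit, 1 = line was longer than the buffer (truncated),
 * -1 = no input available. */
int read_line_bounded(FILE *in, char *s, size_t size) {
    if (size == 0 || fgets(s, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(s);
    if (len > 0 && s[len - 1] == '\n') {   /* whole line fit: drop the newline */
        s[len - 1] = '\0';
        return 0;
    }
    /* No newline in s: either the input ended exactly here or the line goes on.
     * Count and discard whatever is left up to the newline. */
    int c, discarded = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        discarded++;
    return discarded > 0 ? 1 : 0;
}

/* Drive read_line_bounded() from a constructed string standing in for stdin.
 * tmpfile() is standard C, so this needs no platform-specific API. */
int read_from_string(const char *input, char *s, size_t size) {
    FILE *in = tmpfile();
    if (in == NULL)
        return -1;
    fputs(input, in);
    rewind(in);
    int rc = read_line_bounded(in, s, size);
    fclose(in);
    return rc;
}

int main(void) {
    char s[S_SIZE];
    /* Constructed inputs: one that fits, one that would overrun s[9] through gets(). */
    const char *ok_input = "hello\n";
    const char *long_input = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\n";

    int rc = read_from_string(ok_input, s, sizeof s);
    printf("rc=%d s=\"%s\"\n", rc, s);      /* rc=0 s="hello" */
    rc = read_from_string(long_input, s, sizeof s);
    printf("rc=%d s=\"%s\"\n", rc, s);      /* rc=1 s="ABCDEFGH" */
    return 0;
}
```

A return value of 1 is the event worth logging: it is exactly the input that would have corrupted the stack frame in the original f(), now reduced to a truncated string and a status code.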
Strategy & Structure of a “Sploit”
- “Fuzzing”: repeated input patterns, e.g. AAAA… (“A” = 0x41), ABCDEFG…, DEF1, DEF2, DEF3, …
- NOP (No Operation): 0x90 on x86; also “add 0”, “multiply by 1”, “jump to next instruction”, …
- NOP sled
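As an added example that is not part of the original deck, the C code below turns the slide’s list of filler patterns into input heuristics a defender can run over received data: a long run of a single byte (the AAAA… filler), a long run of 0x90 (an x86 NOP sled) and a short pattern repeated across the whole input. longest_run, has_period, classify_input, classify_constructed, the flag values and the RUN_THRESHOLD of 32 bytes are choices made here, and the sample inputs are constructed for the demonstration.

```c
/* Added example (not from the original deck): heuristics that flag the
 * filler patterns listed on the slide when they appear in received input.
 * Threshold and flag values are assumptions for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RUN_THRESHOLD 32    /* assumed: one byte repeated 32+ times is rare in ordinary text input */
#define X86_NOP       0x90  /* the x86 NOP opcode named on the slide */

enum { FLAG_NONE = 0, FLAG_FILLER_RUN = 1, FLAG_NOP_SLED = 2, FLAG_CYCLIC = 4 };

/* Length of the longest run of one repeated byte; *which receives that byte. */
size_t longest_run(const unsigned char *buf, size_t n, unsigned char *which) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (i > 0 && buf[i] == buf[i - 1]) ? cur + 1 : 1;
        if (cur > best) {
            best = cur;
            if (which) *which = buf[i];
        }
    }
    return best;
}

/* True if buf repeats with period p over its whole length ("ABCDABCD..." has
 * period 4). Counting patterns such as DEF1, DEF2, ... are not periodic and
 * are deliberately not covered by this test. */
static int has_period(const unsigned char *buf, size_t n, size_t p) {
    if (p == 0 || n < 2 * p) return 0;
    for (size_t i = p; i < n; i++)
        if (buf[i] != buf[i - p]) return 0;
    return 1;
}

/* Combine the heuristics into a bitmask of FLAG_* values. */
int classify_input(const unsigned char *buf, size_t n) {
    int flags = FLAG_NONE;
    unsigned char b = 0;
    size_t run = longest_run(buf, n, &b);
    if (run >= RUN_THRESHOLD)
        flags |= (b == X86_NOP) ? FLAG_NOP_SLED : FLAG_FILLER_RUN;
    /* Short repeated patterns: only when the input is long enough to matter
     * and is not already just one long run of a single byte. */
    for (size_t p = 2; p <= 8 && n >= RUN_THRESHOLD; p++) {
        if (run < p && has_period(buf, n, p)) {
            flags |= FLAG_CYCLIC;
            break;
        }
    }
    return flags;
}

/* Build one of four constructed samples and classify it.
 * kind: 'A' = 'A' filler, 'N' = 0x90 bytes, 'C' = "ABCD" repeated, anything else = ordinary text */
int classify_constructed(char kind, size_t n) {
    unsigned char buf[256];
    const char *text = "Enter s: hello world";   /* constructed benign input */
    if (n > sizeof buf) n = sizeof buf;
    switch (kind) {
    case 'A': memset(buf, 'A', n); break;
    case 'N': memset(buf, X86_NOP, n); break;
    case 'C': { for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)"ABCD"[i % 4]; } break;
    default:  n = strlen(text); memcpy(buf, text, n); break;
    }
    return classify_input(buf, n);
}

int main(void) {
    printf("'A' x 40  -> flags %d\n", classify_constructed('A', 40));   /* 1: filler run */
    printf("0x90 x 40 -> flags %d\n", classify_constructed('N', 40));   /* 2: NOP sled */
    printf("ABCD x 10 -> flags %d\n", classify_constructed('C', 40));   /* 4: cyclic pattern */
    printf("text      -> flags %d\n", classify_constructed('T', 0));    /* 0: nothing flagged */
    return 0;
}
```

Heuristics like these belong in logging and alerting around an input boundary, not in place of bounded reads: they catch the crude probes the slide describes, but a payload without long runs passes them, so the buffer itself still has to be protected.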
Heap-based Buffer Overflow Attacks
Script Kiddies & Exploit Collections
Attacks (exploits) are widely available:
- French Security Response Team (FrSIRT), http://www.vupen.com/english/ (“Only available to trusted organizations”)
- Packet Storm Security, http://packetstormsecurity.org/
- Security Focus Bugtraq Archives, http://www.securityfocus.com/bid
- Metasploit Project, http://www.metasploit.com
Little or no knowledge required.

Más contenido relacionado

La actualidad más candente

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Applet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java AppletsApplet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java Appletsamitksaha
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6AfiqEfendy Zaen
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software securityG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 

La actualidad más candente (20)

System calls
System callsSystem calls
System calls
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
File inclusion
File inclusionFile inclusion
File inclusion
 
Memory management
Memory managementMemory management
Memory management
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Malicious
MaliciousMalicious
Malicious
 
Applet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java AppletsApplet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java Applets
 
Reverse engineering malware
Reverse engineering malwareReverse engineering malware
Reverse engineering malware
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software security
 
Command injection
Command injectionCommand injection
Command injection
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Program security
Program securityProgram security
Program security
 
Software security
Software securitySoftware security
Software security
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
Xss attack
Xss attackXss attack
Xss attack
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
 

Similar a Buffer overflow attacks

Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_securityComputer Science Club
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)INSIGHT FORENSIC
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarMandy Cross
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionDavid Perkins
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksAlienVault
 

Similar a Buffer overflow attacks (20)

Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threats
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
 
Super1
Super1Super1
Super1
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)(120715) #fitalk   the era of cyber sabotage and warfare (case study - stuxnet)
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet)
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan War
 
APT - Project
APT - Project APT - Project
APT - Project
 
Buffer Overflows
Buffer OverflowsBuffer Overflows
Buffer Overflows
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and Prevention
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
 

Más de Joe McCarthy

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622Joe McCarthy
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionJoe McCarthy
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network securityJoe McCarthy
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid ComputingJoe McCarthy
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityJoe McCarthy
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyJoe McCarthy
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town HallJoe McCarthy
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksJoe McCarthy
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Joe McCarthy
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6Joe McCarthy
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515Joe McCarthy
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage OverviewJoe McCarthy
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008Joe McCarthy
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 ClosingJoe McCarthy
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftJoe McCarthy
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 OpeningJoe McCarthy
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town HallJoe McCarthy
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Joe McCarthy
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Joe McCarthy
 

Más de Joe McCarthy (20)

Situated Social Computing 20110622
Situated Social Computing 20110622Situated Social Computing 20110622
Situated Social Computing 20110622
 
Alone Together: Human-Robot Interaction
Alone Together: Human-Robot InteractionAlone Together: Human-Robot Interaction
Alone Together: Human-Robot Interaction
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
 
Toward Hybrid Computing
Toward Hybrid ComputingToward Hybrid Computing
Toward Hybrid Computing
 
Technology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan UniversityTechnology Education in an Urban Metropolitan University
Technology Education in an Urban Metropolitan University
 
Hybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown DisneyHybrid Design Practices - Technology in Downtown Disney
Hybrid Design Practices - Technology in Downtown Disney
 
UbiComp 2009 Town Hall
UbiComp 2009 Town HallUbiComp 2009 Town Hall
UbiComp 2009 Town Hall
 
Ubicomp2009 Opening Remarks
Ubicomp2009 Opening RemarksUbicomp2009 Opening Remarks
Ubicomp2009 Opening Remarks
 
CoCollage C&T2009
CoCollage C&T2009CoCollage C&T2009
CoCollage C&T2009
 
Situated Community Technology C&T 2009
Situated Community Technology C&T 2009Situated Community Technology C&T 2009
Situated Community Technology C&T 2009
 
CoCollage Digital Cities 6
CoCollage Digital Cities 6CoCollage Digital Cities 6
CoCollage Digital Cities 6
 
CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515CoCollage UW iSchool 20090515
CoCollage UW iSchool 20090515
 
CoCollage Overview
CoCollage OverviewCoCollage Overview
CoCollage Overview
 
Proactive Displays CSCW2008
Proactive Displays CSCW2008Proactive Displays CSCW2008
Proactive Displays CSCW2008
 
UbiComp 2008 Closing
UbiComp 2008 ClosingUbiComp 2008 Closing
UbiComp 2008 Closing
 
Situated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 DraftSituated Computing U Korea Forum 20080924 Draft
Situated Computing U Korea Forum 20080924 Draft
 
Ubicomp 2008 Opening
Ubicomp 2008 OpeningUbicomp 2008 Opening
Ubicomp 2008 Opening
 
UbiComp2008 Town Hall
UbiComp2008 Town HallUbiComp2008 Town Hall
UbiComp2008 Town Hall
 
Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008Proactive Displays, UW DUB group, 16 July 2008
Proactive Displays, UW DUB group, 16 July 2008
 
Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627Proactive Displays IIIA 20080627
Proactive Displays IIIA 20080627
 

Último

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Buffer overflow attacks

  • 1. Network Security:Buffer Overflow Attacks Joe McCarthy
  • 2. Today’s Agenda What is Network Security? Why should you care? What is a network security attack? What is a buffer overflow attack? Where can you learn more? All in 30 minutes …
  • 3. What is Network Security? Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) February 2004 http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf Network Security Essentials, 4/E William Stallings Prentice Hall, 2011
  • 4. Why study Network Security? Multi-disciplinary Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, … New way of thinking: security mind set Preventing undesirable behavior vs. enabling desirable behavior Personal relevance Keeping your personal data & devices safe Professional relevance
  • 5. TCSS 431: Network Security Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Ed Skoudis Tom Liston Prentice Hall, 2006 Network Security:Private Communication in a Public World, 2/E Charlie Kaufman Radia Perlman Mike Speciner Prentice Hall, 2002
  • 6. Today’s Agenda 1. Introduction   2. Networking Overview   3. Linux and UNIX Overview   4. Windows NT/000/XP/00 Overview   5. Phase 1: Reconnaissance   6. Phase 2: Scanning   7. Phase 3: Gaining Access Using Application & OS Attacks     Script Kiddie Exploit Trolling     Pragmatism for More Sophisticated Attackers      Buffer Overflow Exploits      Password Attacks      Web Application Attacks      Exploiting Browser Flaws   8. Phase 4: Gaining Access Using Network Attacks   9. Phase 4: Denial-of-Service Attacks 10. Phase 4: Maintaining Access: Trojans, Backdoors& Rootkits 11. Phase 5: Covering Tracks & Hiding 12. Putting It All Together: Anatomy of an Attack 13. The Future, References & Conclusions Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E Skoudis & Liston Prentice Hall, 2006
  • 7. Anatomy of an Attack. Reconnaissance (“casing the joint”): discovery of physical & online sensitive information (names, contact info such as phone and email, IP addresses) via social engineering, dumpster diving, Google. Scanning (“trying doorknobs & windows”): search for openings, network topology, OS type(s) (wireless access points, TCP ports, routers, gateways); inventory of the target system & its possible vulnerabilities. Gaining access (“breaking in”): application & OS attacks (Chapter 7), in particular stack-based & heap-based buffer overflow attacks.
  • 10. A program is a collection of segments such as:
  • 23. C library functions considered harmful
  • 24. C library functions considered harmful. On the “considered harmful” genre: Frank Rubin, Communications of the ACM 30(3): 195–196 (March 1987); Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr, Communications of the ACM 30(5): 351–355 (May 1987); http://en.wikipedia.org/wiki/Considered_harmful
  • 25. Finding stack-based buffer overflow vulnerabilities. Examine the source code (if available); use a debugger on the executable to find calls into exploitable library functions; apply brute force: inundate the application with input data and examine the stack traces after crashes. But what would you input, and what would you look for?
  • 26. Sample program (deliberately vulnerable: gets() has no length bound, so anything longer than 8 characters overruns the 9-byte buffer s and whatever the compiler placed above it, such as the saved frame pointer and return address)
    #include <stdio.h>
    /* C11 removed gets() from <stdio.h>; a modern compiler needs this prototype
       just to build the example, which is itself a hint about how dangerous it is. */
    char *gets(char *s);
    void f(void) {
        char s[9];                                 /* room for 8 characters plus the NUL */
        printf("_________12345678901234567890\n");  /* ruler: 9 underscores, then digits numbering the typed characters */
        printf("Enter s: ");                       /* the prompt is 9 characters wide, so typed input lines up under the ruler */
        gets(s);                                   /* unbounded read: characters past the 8th overwrite memory beyond s */
        printf("You entered: %s\n", s);
    }
    int main(void) {
        f();
        return 0;
    }
  • 31–32. Running the program (two slides with the same caption). The hex values are ASCII codes: 0x49 = “I”, 0x48 = “H”, 0x47 = “G”, 0x46 = “F”
  • 33. Strategy & Structure of a “Sploit”. “Fuzzing” with repeated input patterns: AAAA… (“A” = 0x41); ABCDEFG…; DEF1, DEF2, DEF3, … NOP (No Operation): 0x90 on x86; also: add 0, multiply by 1, jump to the next instruction, …; NOP sled.
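The answer to slide 25’s question (“what would you input, and what would you look for?”) and the repeated-pattern fuzzing on this slide, as an added example that is not part of the original slides or of the book: a C implementation of a Metasploit-style cyclic pattern (Aa0Aa1Aa2…), in which every 4-byte window is unique, together with the reverse lookup that turns the value found in a register after a crash back into an offset within the input. The little-endian decoding is also why a dumped 32-bit word such as 0x49484746 reads back as the characters F, G, H, I (slides 31–32). Function names are my own; the pattern scheme follows Metasploit’s pattern_create/pattern_offset tools, which the slides mention only indirectly via the Metasploit Project.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Metasploit-style cyclic pattern (Aa0Aa1Aa2...Aa9Ab0...): every 4-byte
 * window is unique within the first 26*26*10*3 = 20280 bytes, so the
 * value that lands in a register after the crash pins down the offset
 * of that register's bytes within the input.  Writes at most len bytes
 * (not NUL-terminated) and returns the number written.
 */
size_t pattern_create(char *buf, size_t len)
{
    size_t i = 0;
    for (char up = 'A'; up <= 'Z' && i < len; up++)
        for (char lo = 'a'; lo <= 'z' && i < len; lo++)
            for (char dg = '0'; dg <= '9' && i < len; dg++) {
                const char triple[3] = { up, lo, dg };
                for (int k = 0; k < 3 && i < len; k++)
                    buf[i++] = triple[k];
            }
    return i;
}

/*
 * A 32-bit register value shown by the debugger is little-endian on x86:
 * the word 0x49484746 means the bytes 46 47 48 49 in memory, i.e. the
 * characters "FGHI" in the order they were typed.
 */
void le32_to_bytes(uint32_t value, unsigned char out[4])
{
    for (int k = 0; k < 4; k++)
        out[k] = (unsigned char)(value >> (8 * k));
}

/*
 * Reverse lookup (the job of pattern_offset): where in the pattern did the
 * 4 bytes now sitting in the register come from?  Returns the byte offset,
 * or -1 if the value did not come from the pattern at all (useful too: the
 * crash is then not a straightforward overwrite of that register).
 */
long pattern_offset(const char *pattern, size_t len, uint32_t crash_value)
{
    unsigned char needle[4];
    le32_to_bytes(crash_value, needle);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pattern + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    char buf[64];
    size_t n = pattern_create(buf, sizeof buf - 1);
    buf[n] = '\0';
    printf("pattern: %s\n", buf);
    /* Constructed example: suppose the debugger showed EIP = 0x37614136. */
    printf("offset of 0x37614136: %ld\n", pattern_offset(buf, n, 0x37614136u));
    return 0;
}
```

With a plain AAAA… input you learn only that the return address was overwritten; with the cyclic pattern one crash tells you exactly how many bytes precede it, which is what the ruler on slide 26 is counting by hand.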
  • 36. Script Kiddies & Exploit Collections. Attacks (exploits) are widely available: French Security Response Team (FrSIRT), http://www.vupen.com/english/ (“Only available to trusted organizations”); Packet Storm Security, http://packetstormsecurity.org/; SecurityFocus Bugtraq archives, http://www.securityfocus.com/bid; Metasploit Project, http://www.metasploit.com. Little or no knowledge required.
  • 38. Sample Payloads: bind shell to current port; bind shell to arbitrary port; reverse shell; Windows VNC Server DLL; reverse VNC DLL inject; inject DLL into running application; create local admin user; the Meterpreter (Metasploit Interpreter).
  • 41–42. Pros & Cons of Exploit Frameworks. Advantages for attackers: reduced time; increased quality. Advantages for defenders: increased accuracy of security assessments (vulnerability scans yield many false positives, 30–50%; scan, then sploit to find the “real” problems); verifying IDS/IPS functionality (malfunctions, misconfiguration, pre-emptive attacks); improving management awareness (“Please don’t steal this file!”).
  • 43. Defenses against Buffer Overflow Attacks. Safer programming (avoid the unbounded C library calls such as gets()); compiler and run-time stack protection: StackGuard, Stack Shield; security reviews with source scanners: ITS4 (“It’s the Software, Stupid - Security Scanner”), RATS (Rough Auditing Tool for Security), Flawfinder.
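The “safer programming” defense applied to the sample program on slide 26 and to the harmful-library-function point of slides 23–24, as an added example that is not from the slides or from the book: gets() is replaced by a bounded reader built on fgets() that always NUL-terminates, reports truncation, and drains the unread tail of an over-long line so it cannot be consumed by the next prompt, which is the usual mistake when gets() is “fixed” with a bare fgets(). The function names and the tmpfile()-based helper are my own; the inputs in the helper are constructed for the demonstration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/*
 * Bounded line reader: the safe replacement for gets(s) on slide 26.
 * Stores at most cap-1 characters in dst and always NUL-terminates.
 * Returns the number of characters stored, or -1 on EOF/error with
 * nothing read.  *truncated is set to 1 when the line did not fit;
 * the unread remainder is drained so it cannot pollute the next read.
 */
int read_line_bounded(char *dst, size_t cap, FILE *in, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || cap > INT_MAX) return -1;
    if (fgets(dst, (int)cap, in) == NULL) {
        dst[0] = '\0';
        return -1;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[--n] = '\0';               /* whole line fit: drop the newline */
    } else {
        /* No newline: the buffer was full or EOF came first.  Discard the
         * rest of the line; any non-newline byte seen means truncation. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;
    }
    return (int)n;
}

/* Hardened version of f() from slide 26: same 9-byte buffer, no overflow. */
void f_safe(void)
{
    char s[9];
    int truncated;
    printf("_________12345678901234567890\n");
    printf("Enter s: ");
    if (read_line_bounded(s, sizeof s, stdin, &truncated) < 0) return;
    printf("You entered: %s%s\n", s,
           truncated ? " (input longer than 8 characters was cut)" : "");
}

/*
 * Demonstration helper (my own, not part of the hardened program): feed a
 * constructed input string through a temporary file (standard C, no
 * fmemopen) and read two successive lines, as a program with two prompts
 * would.  Returns how many lines were read (0-2), or -1 if no temp file.
 */
int read_two_lines(const char *input, size_t cap, char *first, char *second,
                   int *trunc_first, int *trunc_second)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs(input, fp);
    rewind(fp);
    int lines = 0;
    if (read_line_bounded(first, cap, fp, trunc_first) >= 0) lines++;
    if (read_line_bounded(second, cap, fp, trunc_second) >= 0) lines++;
    fclose(fp);
    return lines;
}

int main(void)
{
    f_safe();
    return 0;
}
```

The drain loop is the part worth remembering: without it, typing "ABCDEFGHIJKLMNOP" at the first prompt leaves "IJKLMNOP" in stdin, and the second prompt silently reads it as the user’s answer.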
  • 44. For more information. “Smashing the Stack for Fun and Profit”, Aleph One, aleph1@underground.org, http://www.phrack.org/issues.html?id=14&issue=49. Common Vulnerabilities & Exposures, http://cve.mitre.org/cve/ (total CVEs when these slides were prepared: 45,149). Stack-based overflow vulnerabilities, 1200+: IE, Safari, Firefox, Opera, RealPlayer, QuickTime, WMP, WinAmp, DB2, Excel, Access, Word, PowerPoint, OpenOffice, Eudora, Acrobat, Reader, JDK, JRE, Norton, McAfee, eTrust, RAZR. Heap-based overflow vulnerabilities, 900+: IE, Opera, Firefox, Thunderbird, Apache, VB, ColdFusion, Skype, PHP, Oracle, PostgreSQL, AIM, Windows Live Messenger, WordPerfect, Outlook Express, PageMaker, PowerPoint, Excel, Netscape, McAfee, DirectX, Shockwave, Subversion, QuickTime, Norton, Sophos, Kaspersky, RSA SecurID, PuTTY, iTunes, RealPlayer, WinAmp, OpenOffice, JRE, Facebook Photo Uploader ActiveX, Blackberry.