Security Flaws 2 Ian Kayne


Security Flaws 2
Ian Kayne
For School of Computer Science, University of Birmingham
13th November 2007

Approach
- Why are the principles important?
- Expect unique systems & software
- No courses on "Widgets v1.0 security"
- Expect unusual problems
- Expect unusual solutions
- Expect issues outside your comfort zone

Approach
- Your mission, should you choose to accept it…
- 95% of the time it's (relatively) easy
  - Most attackers go for the easy score
  - Losing sleep over "script kiddies"? Something's gone wrong.
- The other 5% is hard
  - It's also the 5% that matters
- Jack of all trades and master of some
- Learn the principles, investigate the rest

Recap: Buffer Overflows
- Executable stack
- Unchecked buffer input
- Shellcode into buffer
- Overwrite return address

Buffer Overflow: Jump using register
- Any register can point at the start of the buffer
- Inject shellcode to buffer as normal
- Overwrite return address with address of instructions that jump using the register
- Near-guaranteed success!
[Diagram: stack cells labelled "data", "shellcode", "return address"; the return address points at a "jmp eax" instruction (between "test ecx, ecx" and "push 12345678"); EAX points at the buffer]

Prevention
- Non-executable stack ("NX bit")
- Address randomisation
- Canary bytes
[Diagram: stack cells labelled "data" and "return address"]
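As an added illustration that is not from the slides, the C below simulates the canary idea from the Prevention slide together with the "unchecked buffer input" defect from the recap: a fixed buffer sits directly below a canary word (as a stack protector places one between locals and the saved return address), an unchecked copy of over-long input overwrites the canary so the epilogue check fails, while a length-checked copy never reaches it. The frame_t type, copy_unchecked, copy_checked, canary_intact and the fixed canary value are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16
/* Constructed fixed value for the demo; a real stack protector uses a random per-process canary. */
#define CANARY_VALUE 0xDEADC0DEu

/* Stand-in for a stack frame: the local buffer, then the canary that guards the return address. */
typedef struct {
    char buf[BUF_LEN];
    uint32_t canary;
} frame_t;

void frame_init(frame_t *f) {
    memset(f->buf, 0, BUF_LEN);
    f->canary = CANARY_VALUE;
}

/* Unchecked copy: trusts the caller's length, so bytes past BUF_LEN land on the canary.
 * The copy targets the whole frame object so the simulation stays within defined behaviour. */
void copy_unchecked(frame_t *f, const char *src, size_t len) {
    if (len > sizeof(*f)) len = sizeof(*f);
    memcpy(f, src, len);
}

/* Checked copy: the fix for the defect above. Rejects input that would not fit with its terminator. */
int copy_checked(frame_t *f, const char *src, size_t len) {
    if (len >= BUF_LEN) return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

/* The check a stack protector runs in the function epilogue: 1 if the canary is intact, 0 if smashed. */
int canary_intact(const frame_t *f) {
    return f->canary == CANARY_VALUE;
}
```

With gcc the same idea is enabled for real code by -fstack-protector-strong, and the non-executable stack and address randomisation on the slide are the other two layers that apply even when a check like this is missing.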

Review
- Next topic is complex!
- Builds on previous principles
- Questions? Comments? Review items?

RCE
- Reverse (Code) Engineering – "reversing"
- What is it?
- Why is it done?
  - Malware research & defence
  - System interoperability requirements
  - Review and audit of software/security systems
- Why is it useful to security specialists?
  - "Learn the principles"

RCE: Required knowledge/skills (x86)
- Platform knowledge – stack, registers etc
- "Some" assembly language
- C/C++ & as many other languages as possible
- Operating system (Windows) mechanisms, win32api
- Toolset (debugger, disassembler, hex editor…)
- Mindset (patterns, logic)

RCE: Imagine a strong protection mechanism
- Username
- License key
- Complex validation system
- Crippled shareware-style functionality

RCE: Reversing demonstration

RCE: After the demonstration, recap: 1 byte patch
- Analysed executable
- Set breakpoints on likely API calls
- Traced up the call stack
- Analysed the code
- Found the good boy/bad boy "switch"
- Patched the jump "live" to test
- Converted RVA to file offset, patched file
- 1 byte patch
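The "converted RVA to file offset" step in the recap above, as an added example that is not part of the original slides: an address seen live in the debugger is a relative virtual address, and each PE section header records where the section is mapped (VirtualAddress) and where its bytes start on disk (PointerToRawData), so the translation finds the containing section and applies the difference. The section_t type and the sample section table in main are constructed for this example; the PE headers themselves sit below the first section and map one-to-one, and bytes that exist only in memory (past SizeOfRawData, as in .bss) have no file offset to patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal view of the IMAGE_SECTION_HEADER fields the mapping needs (constructed type, not the Windows struct). */
typedef struct {
    const char *name;
    uint32_t virtual_address;  /* RVA at which the section is mapped */
    uint32_t virtual_size;     /* extent in memory */
    uint32_t raw_pointer;      /* file offset of the section's data */
    uint32_t raw_size;         /* size of that data on disk */
} section_t;

/* Map an RVA to a file offset. Sections are assumed sorted by RVA, as the PE format requires.
 * Returns 0 and sets *out on success, -1 if the RVA is in no section or only exists in memory. */
int rva_to_file_offset(const section_t *secs, size_t n, uint32_t rva, uint32_t *out) {
    if (n > 0 && rva < secs[0].virtual_address) {
        *out = rva;  /* headers are not a section and are mapped at file offset 0 */
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        const section_t *s = &secs[i];
        uint32_t span = s->virtual_size > s->raw_size ? s->virtual_size : s->raw_size;
        if (rva >= s->virtual_address && rva < s->virtual_address + span) {
            uint32_t delta = rva - s->virtual_address;
            if (delta >= s->raw_size) return -1;  /* uninitialised tail: no bytes on disk */
            *out = s->raw_pointer + delta;
            return 0;
        }
    }
    return -1;
}

int main(void) {
    /* Constructed two-section table in the style of a small Win32 binary. */
    section_t secs[] = {
        { ".text", 0x1000, 0x2345, 0x400,  0x2400 },
        { ".data", 0x4000, 0x1000, 0x2800, 0x200  },
    };
    uint32_t off;
    if (rva_to_file_offset(secs, 2, 0x1234, &off) == 0)
        printf("RVA 0x1234 -> file offset 0x%X\n", off);  /* the byte to patch in the file */
    return 0;
}
```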

Protection: Imagine a strong protection mechanism again
- License key system
- CRC
- Anti-debugging techniques
- Encryption

Protection: Encryption for software protection
- Symmetric encryption
- Asymmetric encryption
- Fancy a wager?

Protection: Encryption for protection
- Data must be decrypted before use
- Code must be decrypted before execution
- UPX (packer), Armadillo, Themida…
- Can be made very hard, but not impossible
- Remember the jump loop – EB FE
- Generics – break one, break all
- Homebrew is risky – "learn the principles"

Protection: Some obfuscation techniques
- Encode obvious "beacon" strings
- Avoid win32api/library functions: bpx MessageBoxA
- Use alternative functions/mechanisms, e.g. SetWindowPos instead of ShowWindow
- Roll your own API/GUI functions: can't break on GetWindowText if you don't use it!
- Hide code within the executable: self-modifying code, PE sections etc

Protection: Some anti-debugger techniques
- Deliberate exceptions (code in SEH)
- Self-debugging (can't "stack" debuggers)
- Timers and counters
- Alter DR0 – DR7 hardware debug registers
- IsDebuggerPresent()
- Check for/attack known debugger processes, windows, services, drivers… (Starforce)
- http://www.securityfocus.com/infocus/1893

RCE: Why are these low-level technical techniques important?
- "Learn the principles"
- Your first job: consultant to a betting company about to release an online gambling game
- The basics: Internet security, server security, data security
- But… what about the end-user software?

Opinions: Morality, legality, viability of protection
- Invasive protection: Starforce, SecuROM
- SonyBMG – Celine Dion, Neil Diamond…
- Anti-piracy measures protect content creators' rights and revenues.
  –or–
- Anti-piracy measures are ineffective, alienate customers & create legal issues.

Review
- Thank you!
- Questions
- Comments
- Items to review
- Further study