Exploiting and Defense


1 Exploiting and Defense
Dobin Rutishauser February 2017

2 Intro
Who knew about this module?

3 About Me
Dobin Rutishauser
Working as Security Compass Security: Penetration Tests, Webapp Checks, Architecture Reviews & lots more
Interested in Hacking Security since I was little (1999+)

4 I went a bit overboard when I was little

5 Compass

6 Compass is hiring (always)

7 Lecture

8 Lecture: Websites
https://exploit.courses: online exploit development website; JavaScript based; uses Hacking-Lab accounts; solve challenges online (or locally on your box); write exploits; debug stuff
Half-online challenges website: uses HLCD (Kali-based Linux distribution); VPN based

9 Lecture
Slack (optional): Chat++
And Quizlet (optional): Quizzes

10 Lecture: Questions welcome
Raise your hand / snap your fingers / interrupt
Interaction (like a course)
"Excuuuse me, but uhhhh, isn't EBP 32 bit?"

11 Motivation for Exploiting & Defense

12 Content
Looking behind the curtain

13 Motivation
For the hacker: Develop exploits; Debugging of C/C++ code; Being 31337
For the computer enthusiast: How do functions work? How does the memory allocator work? What's the difference between userspace and kernelspace? How does a computer work?
Ask people what they want

14 Motivation
For the sysadmin: Judge security level of operating systems and applications; Harden/protect servers and clients
For the future CISO: Assess CVSS score for vulnerabilities; Assess security mitigations; Better risk analysis
Ask people what they want

15 Motivation

16 Content of the next 7 Friday afternoons

17 Content
You want to learn:
What memory corruptions are
What buffer overflows are
What exploits are
How exploits are being created
To exploit a local application
To exploit a remote application
Learn about anti-exploiting technologies
To circumvent all common anti-exploiting technologies for Linux
And some for Windows
Use After Free
Hack browsers
Hack facebook “for a friend”

18 Content
You will actually learn:
Intel x86 Architecture
CPU Registers
Linux Userspace memory layout, stacks, heap
Syscalls
Sockets
Networking
Programming Languages: Assembler, C, Python, Bash (Ruby)

19 Plan

20 Plan 24.02.2017
Theory: 0x01 Intro (this), 0x02 Intro Technical, 0x10 Intel Architecture, 0x11 Memory Layout
Challenges: 0 Introduction to memory layout – basic, 1 Introduction to memory layout – advanced

21 Plan 03.03.2017
Theory: 0x12 C Array and Pointers, 0x30 ASM Intro, 0x31 Shellcode, 0x32 Function Call Convention, 0x33 Debugging
Challenges: Challenge 8, Challenge 9, Challenge 3, Challenge 7, Challenge 50

22 Plan 10.04.2017
Theory: 0x41 Buffer Overflow, 0x42 Exploit, 0x44 Remote Exploit
Challenges: Challenge11, Challenge12

23 Plan 17.04.2017
Theory: 0x51 Exploit Mitigation, 0x52 Defeat Exploit Mitigation, 0x53 Exploit Mitigation – PIE, 0x54 Defeat Exploit Mitigation ROP
Challenges: Challenge14, Challenge15

24 Plan 24.04.2017
Theory: 0x72 Linux Hardening, Defeat Exploit Mitigation – Heap Intro, Defeat Exploit Mitigation – Heap Attacks
Challenges: Challenge31

25 Plan 31.04.2017
Theory: Windows Exploiting, Secure Coding, Fuzzing
Challenges:

26 Plan
Theory: Buffer (reserve time), Case Studies, Questions
Challenges:

27 Content
Intel Architecture, Buffer Overflow, Memory Layout, C Arrays, BoF Exploit, Assembler, Remote Exploit, Shellcode, Exploit Mitigations, Function Calls, Defeat Exploit Mitigations, Debugging

28 Exploit Mitigations
ASCII Armor, Arbitrary Write, Overflow Local Vars, Stack Canary, Heap Overflows, Brute Force, Partial RIP Overwrite, ASLR, NOP Slide, PIE, Info Disclosure, DEP, Ret 2 PLT, ROP

29 And:
Windows Exploiting, Secure Coding, Fuzzing, Linux Hardening, Browser Security, Case Studies

30 Exam
Oral
What is (mainly) relevant for the oral exam?
How does memory corruption work?
How does an exploit work?
What exploit mitigations exist?
How can these exploit mitigations be circumvented?

31 Books

