Slide 1: Security Flaws 2
Ian Kayne
For School of Computer Science, University of Birmingham, 13th November 2007
Slide 2: Approach
Why are the principles important?
- Expect unique systems & software
- No courses on “Widgets v1.0 security”
- Expect unusual problems
- Expect unusual solutions
- Expect issues outside your comfort zone
Slide 3: Approach
Your mission, should you choose to accept it…
- 95% of the time it’s (relatively) easy
  - Most attackers go for the easy score
  - Losing sleep over “script kiddies”? Something’s gone wrong.
- The other 5% is hard
  - It’s also the 5% that matters
- Jack of all trades and master of some
- Learn the principles, investigate the rest
Slide 4: Recap
Buffer Overflows
- Executable stack
- Unchecked buffer input
- Shellcode into buffer
- Overwrite return address
Slide 5: Buffer Overflow
Jump using register
- Any register can point at the start of the buffer
- Inject shellcode to buffer as normal
- Overwrite return address with address of instructions that jump using the register
- Near-guaranteed success!
[Diagram: stack layout of data, shellcode and return address; instruction labels: test ecx, ecx / jmp eax / push EAX]
Slide 6: Prevention
- Non-executable stack (“NX bit”)
- Address randomisation
- Canary bytes
[Diagram: stack layout of data and return address]
Slide 7: Review
- Next topic is complex!
- Builds on previous principles
- Questions? Comments? Review items?
Slide 8: RCE
Reverse (Code) Engineering – “reversing”
- What is it?
- Why is it done?
  - Malware research & defence
  - System interoperability requirements
  - Review and audit of software/security systems
- Why is it useful to security specialists?
  - “Learn the principles”
Slide 9: RCE
Required knowledge/skills (x86)
- Platform knowledge – stack, registers etc.
- “Some” assembly language
- C/C++ & as many other languages as possible
- Operating system (Windows) mechanisms, win32api
- Toolset (debugger, disassembler, hex editor…)
- Mindset (patterns, logic)
Slide 10: RCE
Imagine a strong protection mechanism
- Username
- License key
- Complex validation system
- Crippled shareware-style functionality
Slide 11: RCE
Reversing demonstration
Slide 12: RCE
After the demonstration, recap: 1 byte patch
- Analysed executable
- Set breakpoints on likely API calls
- Traced up the call stack
- Analysed the code
- Found the good boy/bad boy “switch”
- Patched the jump “live” to test
- Converted RVA to file offset, patched file
- 1 byte patch
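The “converted RVA to file offset” step in the recap above is the same translation an analyst does when mapping an address seen in a debugger back to the bytes on disk (for example, to locate a malware routine in the file). As an added example, not code from the lecture: a parser for PE section headers and an RVA-to-offset function, run over a constructed section table; the section names, addresses and sizes are made up for the demo.

```python
import struct
from typing import List, NamedTuple, Optional

# IMAGE_SECTION_HEADER is 40 bytes: Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

class Section(NamedTuple):
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int

def parse_section_table(data: bytes, count: int) -> List[Section]:
    """Decode `count` consecutive section headers from raw bytes."""
    sections = []
    for i in range(count):
        f = SECTION_HEADER.unpack_from(data, i * SECTION_HEADER.size)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append(Section(name, f[1], f[2], f[3], f[4]))
    return sections

def rva_to_file_offset(rva: int, sections: List[Section]) -> Optional[int]:
    """Map an RVA (address relative to the image base) to a byte offset in the file.

    Returns None when no file bytes back the RVA: .bss, or the zero-filled
    tail of a section whose VirtualSize exceeds its SizeOfRawData.
    """
    for s in sections:
        span = max(s.virtual_size, s.raw_size)
        if s.virtual_address <= rva < s.virtual_address + span:
            delta = rva - s.virtual_address
            return None if delta >= s.raw_size else s.raw_pointer + delta
    # Below the first section lie the PE headers, mapped 1:1: offset == RVA.
    if sections and rva < min(s.virtual_address for s in sections):
        return rva
    return None

# Constructed sample table (not from a real binary): .text, .data and .bss.
SAMPLE_TABLE = b"".join([
    SECTION_HEADER.pack(b".text", 0x1F00, 0x1000, 0x2000, 0x0400, 0, 0, 0, 0, 0x60000020),
    SECTION_HEADER.pack(b".data", 0x0800, 0x3000, 0x0200, 0x2400, 0, 0, 0, 0, 0xC0000040),
    SECTION_HEADER.pack(b".bss",  0x1000, 0x4000, 0x0000, 0x0000, 0, 0, 0, 0, 0xC0000080),
])
SAMPLE_SECTIONS = parse_section_table(SAMPLE_TABLE, 3)

if __name__ == "__main__":
    for rva in (0x100, 0x1234, 0x3100, 0x3700, 0x4010):
        print(hex(rva), "->", rva_to_file_offset(rva, SAMPLE_SECTIONS))
```

A real analysis would read the section table from the file at the offset given by the PE header (e_lfanew, then past the optional header); the function itself is unchanged.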
Slide 13: Protection
Imagine a strong protection mechanism again
- License key system
- CRC
- Anti-debugging techniques
- Encryption
Slide 14: Protection
Encryption for software protection
- Symmetric encryption
- Asymmetric encryption
- Fancy a wager?
Slide 15: Protection
Encryption for protection
- Data must be decrypted before use
- Code must be decrypted before execution
- UPX (packer), Armadillo, Themida…
- Can be made very hard, but not impossible
- Remember the jump loop – EB FE
- Generics – break one, break all
- Homebrew is risky – “learn the principles”
Slide 16: Protection
Some obfuscation techniques:
- Encode obvious “beacon” strings
- Avoid win32api/library functions: bpx MessageBoxA
- Use alternative functions/mechanisms, e.g. SetWindowPos instead of ShowWindow
- Roll your own api/GUI functions: can’t break on GetWindowText if you don’t use it!
- Hide code within the executable: self-modifying code, PE sections etc.
Slide 17: Protection
Some anti-debugger techniques
- Deliberate exceptions (code in SEH)
- Self-debugging (can’t “stack” debuggers)
- Timers and counters
- Alter DR0 – DR7 hardware debug registers
- IsDebuggerPresent()
- Check for/attack known debugger processes, windows, services, drivers… (Starforce)
Slide 18: RCE
Why are these low-level technical techniques important?
- “Learn the principles”
- Your first job: consultant to a betting company about to release an online gambling game
- The basics: Internet security, server security, data security
- But… what about the end-user software?
Slide 19: Opinions
Morality, legality, viability of protection
- Invasive protection: Starforce, SecuROM
- SonyBMG – Celine Dion, Neil Diamond…
- Anti-piracy measures protect content creators’ rights and revenues.
  –or–
- Anti-piracy measures are ineffective, alienate customers & create legal issues.
Slide 20: Review
Thank you!
- Questions
- Comments
- Items to review
- Further study