
List:       security-basics
Subject:    Re: exploit detection?
From:       Ivan Jedek <ivan.jedek () oracle ! com>
Date:       2010-12-17 15:54:34
Message-ID: 4D0B87BA.9030206 () oracle ! com

Robert Larsen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 2010-12-14 20:13, Littlefield, Tyler wrote:
> 
> > Hello all, I would like to start playing with this, though I am
> > really not sure where to get started. My goal for now is to just
> > help out open source software by finding these and submitting
> > information on it so they can be fixed. I know C, some assembly,
> > C++ and a few other languages that I think might help, but I'm
> > really not sure where you'd get started with something like this. I
> > know about buffer overflows (and I have played with them a bit),
> > but with the address randomization, there have to be many other ways
> > out there. What is something I can start working with to be able to
> > help out somewhere? I really want the experience that would come
> > out of this sort of work.
> > 
> > 
> Knowing how to work around security features such as ASLR (address
> space layout randomization), stack cookies and DEP (data execution
> prevention) would probably be a good start.
> 
> For ASLR I think this is the best reference:
> http://netsec.cs.northwestern.edu/media/readings/defeating_aslr.pdf
> 
> DEP can be defeated using return into libc:
> http://www.infosecwriters.com/text_resources/pdf/return-to-libc.pdf
> 
> Some stack cookie implementations are rather trivial to exploit. I
> don't know if they are actually used. On my Ubuntu machine the stack
> cookie is random and contains nulls and other nasty stuff. But not all
> buffer overflows are on the stack, and sometimes you don't even have
> to overwrite the return pointer. There may exist other stuff on the
> stack before the cookie that is interesting to overwrite.
> 
I also suggest checking the latest techniques in buffer overflow attacks 
using ROP.
I recommend reading the paper and presentation here: 
http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
> Also, there are other attack vectors, such as SQL injections, file
> inclusion attacks, XSS, etc. which may apply more to web based software.
> 
> Good luck :-)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk0IiV8ACgkQzDMeisFqGZaSmgCfWb83JieEuE9KJTt4mEcZnIDM
> rroAoLgZ708kh5RfUT4u1XWO+dHu7nnN
> =WcAe
> -----END PGP SIGNATURE-----
> 
> 
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how your
> customers can tell if a site is secure. You will find out how to test, purchase,
> install and use a thawte Digital Certificate on your Apache web server. Throughout,
> best practices for set-up are highlighted to help you ensure efficient ongoing
> management of your encryption keys and digital certificates.
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
> 
> 


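The remark in the quoted reply that the Ubuntu stack cookie "contains nulls" is worth seeing in action. What follows is an added example, not code from this thread, from glibc or from any of the linked papers: a C model of a cookie-guarded stack frame laid out in a plain byte array, so it runs safely on any host and never touches the real stack. The frame layout (16-byte buffer, 8-byte cookie, 8-byte saved return), the cookie values, the hypothetical return and target addresses, and the helper names (`overflow_strcpy`, `overflow_memcpy`, `run_attack`) are all assumptions of the demo. It contrasts a NUL-terminated copy (strcpy/strcat/sprintf class) with a length-controlled copy (read/memcpy class) against a cookie whose first byte in memory is 0x00 and against a weak cookie without one.

```c
/* Added example, not from the thread: a byte-array model of a stack frame
 * guarded by a stack cookie. Shows why a cookie whose first byte in memory
 * is NUL stops a strcpy-style overflow short of the saved return address,
 * while a length-controlled copy (read/memcpy) sails past it and only the
 * cookie comparison is left. All values are constructed for the demo. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16
#define COOKIE_OFF BUF_SIZE            /* cookie sits right after the buffer    */
#define RET_OFF    (COOKIE_OFF + 8)    /* saved return address after the cookie */
#define FRAME_SIZE (RET_OFF + 8)

static void put_le64(uint8_t *p, uint64_t v)   /* little-endian: low byte first */
{
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Models strcpy(buf, payload): copies up to and including the first NUL.
 * Capped at FRAME_SIZE only so the demo itself never writes out of bounds. */
size_t overflow_strcpy(uint8_t *frame, const uint8_t *payload)
{
    size_t n = 0;
    for (; n < FRAME_SIZE; n++) {
        frame[n] = payload[n];
        if (payload[n] == 0) return n + 1;
    }
    return n;
}

/* Models read(fd, buf, attacker_len) / memcpy: NUL bytes do not stop it. */
size_t overflow_memcpy(uint8_t *frame, const uint8_t *payload, size_t len)
{
    if (len > FRAME_SIZE) len = FRAME_SIZE;    /* demo bound, same reason */
    memcpy(frame, payload, len);
    return len;
}

/* The epilogue check: compare the cookie slot with the value the prologue stored. */
bool cookie_intact(const uint8_t *frame, uint64_t cookie)
{
    return get_le64(frame + COOKIE_OFF) == cookie;
}

/* Classic payload: fill the buffer, replay the cookie the attacker believes
 * is there, then the address to return into. */
size_t build_payload(uint8_t *out, uint64_t cookie_guess, uint64_t target)
{
    memset(out, 'A', BUF_SIZE);
    put_le64(out + COOKIE_OFF, cookie_guess);
    put_le64(out + RET_OFF, target);
    out[FRAME_SIZE] = 0;                       /* terminator for the strcpy model */
    return FRAME_SIZE;
}

enum outcome { RET_UNTOUCHED, COOKIE_TRIPPED, RET_HIJACKED };

/* Run one overflow against a frame holding real_cookie and report what the
 * epilogue would see. Addresses are hypothetical user-space values; a canonical
 * x86-64 address has zero high bytes, so strcpy stops inside the return slot,
 * which does not matter because those bytes of the saved address were zero too. */
enum outcome run_attack(bool via_strcpy, uint64_t real_cookie, uint64_t cookie_guess)
{
    const uint64_t legit_ret = 0x401136ULL;         /* hypothetical caller      */
    const uint64_t target    = 0x7ffff7e4a3c0ULL;   /* hypothetical gadget/func */
    uint8_t frame[FRAME_SIZE], payload[FRAME_SIZE + 1];

    memset(frame, 0, FRAME_SIZE);
    put_le64(frame + COOKIE_OFF, real_cookie);
    put_le64(frame + RET_OFF, legit_ret);
    size_t len = build_payload(payload, cookie_guess, target);
    if (via_strcpy) overflow_strcpy(frame, payload);
    else            overflow_memcpy(frame, payload, len);

    if (!cookie_intact(frame, real_cookie)) return COOKIE_TRIPPED;  /* abort here */
    return get_le64(frame + RET_OFF) == target ? RET_HIJACKED : RET_UNTOUCHED;
}

int main(void)
{
    const uint64_t nul_first = 0x5f2c8e7a1b3d9400ULL;  /* low byte 0x00 = first in memory */
    const uint64_t no_nul    = 0x4142434445464748ULL;  /* weak: printable, no terminator  */
    static const char *name[] = { "ret untouched", "cookie tripped", "ret hijacked" };

    printf("strcpy, NUL-first cookie, cookie known  : %s\n", name[run_attack(true,  nul_first, nul_first)]);
    printf("memcpy, NUL-first cookie, cookie known  : %s\n", name[run_attack(false, nul_first, nul_first)]);
    printf("memcpy, NUL-first cookie, cookie guessed: %s\n", name[run_attack(false, nul_first, 0)]);
    printf("strcpy, no-NUL cookie,    cookie known  : %s\n", name[run_attack(true,  no_nul,    no_nul)]);
    return 0;
}
```

The first case is the one the quoted reply describes: even with the cookie value known, a NUL-terminated copy writes the cookie's own leading zero and stops, so the return slot is never reached. The second and third cases show that a length-controlled copy is only held back by the comparison itself, which is why a cookie leak (format string, uninitialised read, fork-server brute force) turns the check back into a plain overflow. The last case shows why a cookie without a terminator byte is the "rather trivial" kind.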


