ECE-422
Lecture1: Introduction
- 4*2 Homework
- 2 person team
- Online Exams with books open
Lecture2: Moral
Lecture3: Buffer Overflow
By the end of this chapter you should:
- Recall stack, calling convention basics
- Be able to demonstrate simple buffer overflow attacks
- Be able to build shellcode
Assembly
Buffer overflow FTW
- Success! Program crashed!
- Exploit: any string longer than buffer size
- Success! Execute arbitrary code!
- Exploit: injected code + address of buffer
- Success! Open a shell!
- Exploit: nop sled + shellcode + guesses of buffer
First lesson: avoid unsafe functions
- Unsafe functions:
- strcpy and friends (str*)
- sprintf
- gets
- Safe versions:
- strncpy and friends (strn*)
- snprintf
- fgets
- Do not solve all problems
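An added example (not from the lecture) of why the bounded versions do not solve every problem: `strncpy` leaves the buffer unterminated when the input fills it, and `snprintf` truncates silently unless its return value is checked. The function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size) contains a NUL terminator, else 0. */
static int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Pitfall: when strlen(src) >= size, strncpy writes no terminator.
 * Returns 1 if dst ended up NUL-terminated, 0 if it did not. */
int strncpy_plain(char *dst, size_t size, const char *src) {
    memset(dst, 'X', size);            /* simulate stale stack contents */
    strncpy(dst, src, size);
    return is_terminated(dst, size);
}

/* Corrected pattern: copy at most size-1 bytes and terminate explicitly.
 * Returns 1 if src did not fit (caller must handle truncation). */
int copy_bounded(char *dst, size_t size, const char *src) {
    if (size == 0) return 1;
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
    return strlen(src) >= size;
}

/* snprintf always terminates (size > 0) but truncates silently; its
 * return value is the length it wanted to write.
 * Returns 1 on truncation or error, 0 if the whole string fit. */
int format_bounded(char *dst, size_t size, const char *user) {
    int n = snprintf(dst, size, "user=%s", user);
    return n < 0 || (size_t)n >= size;
}

int main(void) {
    char buf[8];
    const char *input = "AAAAAAAAAAAA";   /* constructed 12-byte input */
    int r;

    r = strncpy_plain(buf, sizeof buf, input);
    printf("strncpy left buffer terminated: %d\n", r);
    r = copy_bounded(buf, sizeof buf, input);
    printf("copy_bounded truncated: %d -> \"%s\"\n", r, buf);
    r = format_bounded(buf, sizeof buf, "alice");
    printf("format_bounded truncated: %d -> \"%s\"\n", r, buf);
    return 0;
}
```
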
Lecture 4: Control Flow Hijacking
Hack detect
- Push $CANARY onto the stack
- Check the position
- If the value at 0(position) is not $CANARY, Congratulations!
Control Flow Hijacking
(Screenshot from Compiler Principle)
Notice that if you replace a function address, or in other words find a way to change the value of the PC, you can do whatever you want. This is Control Flow Hijacking.
CounterAttack
- distinguish code and data - Data should not be executable, Code need not be writable
Return-to-libc Attacks
Killing with a borrowed knife (the attack reuses code already in libc)
Return-Oriented Programming (ROP)
- Workflow
- Dump executable portions of target program
- Identify byte sequences ending in 0xC3 (ret)
- Such a code fragment is called a gadget
-fPIE
Security hardening through address offsets
Weaknesses:
- Trying addresses one by one (i386)
- Spraying heavily
- Browsers are the hardest-hit area
Lecture 6: Malware Defenses
Security By Design Principles
- Minimize the Trusted Computing Base (TCB)
- Minimize the Attack Surface
- Principle of Least Privilege
- Principle of Defense in Depth
- Fail Secure
- Avoid Security by Obscurity
- Keep Security Simple
INTRUSION DETECTION
- Signatures
- Polymorphic Code
- Metamorphic Code
- Detecting Metamorphic Viruses
- …
- N-Grams: Building the Model by Training
Chapter 07 – Web Security
CORS & CSRF & XSS