# ECE-422 [![hackmd-github-sync-badge](https://hackmd.io/Z1ZgjJSrQ2S88dIMFga9Yg/badge)](https://hackmd.io/Z1ZgjJSrQ2S88dIMFga9Yg)

## Lecture 1: Introduction

- 4*2 homework
- 2-person teams
- Online open-book exams

## Lecture 2: Moral

## Lecture 3: Buffer Overflow

### By the end of this chapter you should:

- Recall stack and calling convention basics
- Be able to demonstrate simple buffer overflow attacks
- Be able to build shellcode

### Assembly

![](https://i.imgur.com/JQqvnks.png)
![](https://i.imgur.com/Bz6ap2w.png)
![](https://i.imgur.com/4CiQZIv.png)

### Buffer overflow FTW

- Success! Program crashed!
  - Exploit: any string longer than the buffer size
- Success! Execute arbitrary code!
  - Exploit: injected code + address of buffer
- Success! Open a shell!
  - Exploit: nop sled + shellcode + guesses of the buffer address

### First lesson: avoid unsafe functions

- Unsafe functions:
  - strcpy and friends (str*)
  - sprintf
  - gets
- Safe versions:
  - strncpy and friends (strn*)
  - snprintf
  - fgets
- Does not solve all problems

## Lecture 4: Control Flow Hijacking

### Hack detect

1. Push $CANARY onto the stack
2. Check the position
3. If 0(position) is not $CANARY, congratulations!

### Control Flow Hijacking

![](https://i.imgur.com/evb9faz.png)
![](https://i.imgur.com/h82aiA1.png)
(Screenshot from Compiler Principles)

Note that if you replace the function address, or in other words find a way to change the value of PC, you can do whatever you want. This is Control Flow Hijacking.

#### CounterAttack

1. Distinguish code and data
   - Data should not be executable; code need not be writable
   - W^X (write xor execute)

#### Return-to-libc Attacks

Kill with a borrowed knife: reuse code that is already in the process instead of injecting your own.

### Return-Oriented Programming (ROP)

- Workflow
  - Dump executable portions of the target program
  - Identify byte sequences ending in 0xC3 (**ret**)
    - Such a code fragment is called a gadget
  - Figure out what each gadget does, using a disassembler, e.g., https://onlinedisassembler.com/
  - Chain together useful gadgets

![](https://i.imgur.com/enUdoRQ.png)

### -fPIE

Security hardening by address offsetting. Weaknesses:

- Try them one by one (i386)
- Spray like crazy
  - ![](https://i.imgur.com/t9cEruc.png)
- Browsers are the hardest-hit area

## Lecture 6: Malware Defenses

### Security By Design Principles

- Minimize the Trusted Computing Base (TCB)
- Minimize the Attack Surface
- Principle of Least Privilege
- Principle of Defense in Depth
- Fail Secure
- Avoid Security by Obscurity
- Keep Security Simple

### INTRUSION DETECTION

- Signatures
- Polymorphic Code
- Metamorphic Code
- Detecting Metamorphic Viruses
  - ...
  - N-Grams: Building the Model by Training

### Chapter 07 – Web Security

#### CORS & CSRF & XSS
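An added example in C, not from the lecture slides: it simulates the Lecture 4 canary check (push a canary, then check its position after a copy) against the unsafe and "safe" copy functions from Lecture 3, and shows why strncpy alone "does not solve all problems". The frame layout, canary value, and function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define BUF_SIZE 16
#define CANARY 0xDEADBEEFu  /* constructed value; real canaries are random per process */
/* Simulated frame (hypothetical layout): 16-byte buffer directly below a 4-byte canary,
   so a linear overflow clobbers the canary before reaching the saved return address. */
struct frame { unsigned char mem[BUF_SIZE + sizeof(uint32_t)]; };

static void frame_init(struct frame *f) {        /* step 1: "push $CANARY" */
    uint32_t c = CANARY;
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_SIZE, &c, sizeof c);
}

/* Unsafe copy with strcpy semantics: copies the whole string, ignoring BUF_SIZE.
   The clamp only keeps this demo inside its own array; real strcpy has none. */
static void unsafe_copy(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof f->mem) n = sizeof f->mem;
    memcpy(f->mem, src, n);
}

/* Safe copy: bounded, and explicitly NUL-terminated (strncpy alone may not be). */
static void safe_copy(struct frame *f, const char *src) {
    strncpy((char *)f->mem, src, BUF_SIZE - 1);
    f->mem[BUF_SIZE - 1] = '\0';
}

/* Steps 2-3: "check the position"; 1 if the canary is intact, 0 if overwritten. */
static int canary_intact(const struct frame *f) {
    uint32_t c;
    memcpy(&c, f->mem + BUF_SIZE, sizeof c);
    return c == CANARY;
}

/* Run one copy routine on src and report whether the canary survived. */
static int copy_and_check(void (*copy)(struct frame *, const char *), const char *src) {
    struct frame f;
    frame_init(&f);
    copy(&f, src);
    return canary_intact(&f);
}

/* Why "safe versions" do not solve everything: strncpy(buf, src, BUF_SIZE) leaves buf
   unterminated when strlen(src) >= BUF_SIZE. Returns 1 if a NUL landed in buf, else 0. */
static int naive_strncpy_terminated(const char *src) {
    char buf[BUF_SIZE];
    strncpy(buf, src, BUF_SIZE);
    return memchr(buf, '\0', BUF_SIZE) != NULL;
}
```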