Day 1 Part 5: Exploits1: Introduction to Software Exploits

Follow us on Twitter for class news @OpenSecTraining.

Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed.

This will be a lab-driven class where specific software vulnerability types in particular environments are discussed and then exploited in a lab setting. Examples of lab components of the class as well as specific topics covered include:
• Shellcode development
• Stack overflow exploitation
• Heap overflow exploitation
• Static source code analysis
• Defeating non-executable stack protection

This class by Corey K. will help students be more aware of the specific details and mechanisms of software exploits we see in the wild. This knowledge will enable the students to better analyze their own software for vulnerabilities in an effort to produce more secure code.
Comments

Well, I would really like to. But if you really did exactly what is shown in the video, it should work. Have you tried it in GDB also? If you want to circumvent that problem Patrick Cross already got, you could also work on the dumped core.

Technoblade

Have any of you guys had a shell of the simple_login program by using the payload shell created at the basic_vuln step?

sangdarkside

Great videos, but I'm thoroughly stuck now. I created the malicious code and tested it in the harness; a shell was created. I go through, make my nop sled, change the return address, and in gdb everything works: a shell is created. However, when I go to just running the program, all I get are seg faults. I even created a shell script to quickly change the return address to other parts of the nop sled; still nothing. Any guess as to why my entire nop sled works fine in gdb but fails on execution?

patrickcross

Hey, I tried to make it work, and I just followed the same parts exactly, but it didn't work on shellcode_harness, leading to a segmentation fault. Can anyone help regarding this?

nourminafrancis