How to exploit a buffer overflow vulnerability (security@cambridge screencast)

00:00 intro
01:21 spill.c
07:16 gdb spill.c
14:02 disabling buffer overflow protections
16:48 understanding the stack (to be able to smash it accurately)
22:05 stack frames: nested-routines.c
32:31 switching to 32 bits
36:00 examining a memory dump of the stack in gdb
45:00 chal.c
48:40 machine code payload
50:02 some shells drop privileges (we drop this protection too)
51:43 stack frame of bof()
54:23 gdb chal.c
1:07:49 it doesn't work! :-(
1:12:08 let's keep on cheating
1:13:32 whoohoo! we got root! (by cheating)
1:14:54 let's do it without cheating (unknown &buffer)
1:16:05 hello.c
1:18:51 nop sled
1:25:17 the crucial part: computing correct addresses for the nop sled
1:30:54 building an exploit with nop sled
1:36:24 trying the exploit...
1:37:53 ...but doesn't work :-( why?
1:38:32 aha!
1:39:17 what if we don't know the offset?
1:41:23 stack spraying
This tutorial is a complement to the buffer overflow lecture in my undergraduate computer security course at the University of Cambridge.
The buffer overflow lecture:
Other lectures in this series:
Course web page:
Course textbook and exercises:
Virtualbox (required for the SEED labs):
Capture-the-flag security competitions I co-founded:
My home page: