Dobin 0x02_Intro-Technical.pdf


Card set details

Cards 17
Language English
Category Computer Science
Level University
Created / Updated 21.06.2019 / 21.06.2019
Licensing Not specified
Web link
https://card2brain.ch/box/20190621_dobin_0x02introtechnical_pdf

What is a picture, how is it displayed and what allows us to exploit it?

A picture is:

  • Data for the computer
  • When interpreted correctly, the image is displayed
  • When interpreted wrongly, displays garbage / crashes
  • When interpreted wrongly in the right way, lets us hack a computer

What is the difference between data and code?

There is no difference between data and code.

Is it possible to create an image which executes code? When is it a bug, when is it a feature, and how can it be done?

It is possible to create an image which executes code:

  • If this is intentional, it's a feature
  • If this is not intentional, the picture is an exploit (exploiting a bug/vulnerability)

How:

  • Make the original program (code) execute our (the attacker's) own code (data) by writing, at runtime, into memory locations which influence where code is being read from.

Name some vulnerability types.

Vulnerability types:

  • Memory corruption
  • Authentication
  • Authorization
  • Configuration error
  • Input validation
  • Logic error
  • Sensitive data protection
  • Session management
  • Encoding error
  • Cryptographic errors
  • Permission problems
  • ...

What is a memory corruption and when does it occur?

Memory corruption occurs in a computer program when the contents of a memory location are unintentionally modified due to programming errors; this is termed a violation of memory safety. When the corrupted memory contents are used later in that program, it leads either to a program crash or to strange and bizarre program behavior.

What is an exploit?

Simple definition of exploit:

  • to get value or use from (something)
  • to use (someone or something) in a way that helps you unfairly

Full definition of exploit:

  • to make productive use of : utilize
    • <exploiting your talents><exploit your opponent's weakness>
  • to make use of meanly or unfairly for one's own advantage
    • <exploiting migrant farm workers>

What is an exploit in relation to hacking?

  • to exploit (verb): To take advantage of a vulnerability so that the target system reacts in a manner other than which the designer intended.
  • the exploit (noun): the tool, set of instructions, or code that is used to take advantage of a vulnerability.

Name 3 different types of exploits?

  • Local 
  • Server-side
  • Client-side
  • Remote