Dobin 0x51_ExploitMitigations.pdf
Dobin 0x51_ExploitMitigations.pdf
Dobin 0x51_ExploitMitigations.pdf
19
0.0 (0)
Fichier Détails
| Cartes-fiches | 19 |
|---|---|
| Langue | English |
| Catégorie | Informatique |
| Niveau | Université |
| Crée / Actualisé | 24.06.2019 / 28.06.2020 |
| Attribution de licence | Non précisé |
| Lien de web |
https://card2brain.ch/box/20190624_dobin_0x51exploitmitigations_pdf
|
| Intégrer |
<iframe src="https://card2brain.ch/box/20190624_dobin_0x51exploitmitigations_pdf/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
What exploit mitigations do you know?
- (ASCII Armor)
- Stack Canary
- ASLR [Address Space Layout Ranfomization]
- PIE
- DEP [Data Exection Prevention]
How can you do to write secure code?
- Use secure libraries
- Perfom Static Analysis of the source code
- Perform Dynamic Analysis of programs
- Perform fuzzing of input vectors
- Have a secure development lifecycle (SDL)
- Manual source code reviews
What two types of protection can be put in place by sysadmins?
- Compile Time Protection
- Runtime Protection
What is required to create an exploit?
- Executable Shellcode
- Aka "Hacker instructions"
- The distance form the buffer to the SIP (Stored Instruction Pointer)
- Offset for the overflow
- The address of shellcode
- in memory of the target process
Name two compile time mitigations.
Compile time mitigations:
- Stack canaries
- PIE
Name some runtime mitigations.
Runtime mitigations:
- ASLR
- DEP
- ASCII Armor
Where is the stack cannary located on the stack?
The stack canary is below the SIP (Stored Instruction Pointer) and the SBP [SFP] (Stored Base Pointer, Stored Frame Pointer)
what does DEP stand for and what does it do?
DEP (Data Execution Prevention)
DEP makes the stack not executable.
