Dobin 0x51_ExploitMitigations.pdf
Dobin 0x51_ExploitMitigations.pdf
Dobin 0x51_ExploitMitigations.pdf
19
0.0 (0)
Kartei Details
| Karten | 19 |
|---|---|
| Sprache | English |
| Kategorie | Informatik |
| Stufe | Universität |
| Erstellt / Aktualisiert | 24.06.2019 / 28.06.2020 |
| Lizenzierung | Keine Angabe |
| Weblink |
https://card2brain.ch/box/20190624_dobin_0x51exploitmitigations_pdf
|
| Einbinden |
<iframe src="https://card2brain.ch/box/20190624_dobin_0x51exploitmitigations_pdf/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
What exploit mitigations do you know?
- (ASCII Armor)
- Stack Canary
- ASLR [Address Space Layout Ranfomization]
- PIE
- DEP [Data Exection Prevention]
How can you do to write secure code?
- Use secure libraries
- Perfom Static Analysis of the source code
- Perform Dynamic Analysis of programs
- Perform fuzzing of input vectors
- Have a secure development lifecycle (SDL)
- Manual source code reviews
What two types of protection can be put in place by sysadmins?
- Compile Time Protection
- Runtime Protection
What is required to create an exploit?
- Executable Shellcode
- Aka "Hacker instructions"
- The distance form the buffer to the SIP (Stored Instruction Pointer)
- Offset for the overflow
- The address of shellcode
- in memory of the target process
