Security Basics mailing list archives

Re: exploit detection?


From: Robert Larsen <robert () the-playground dk>
Date: Wed, 15 Dec 2010 10:24:47 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2010-12-14 20:13, Littlefield, Tyler wrote:
> Hello all, I would like to start playing with this, though I am
> really not sure where to get started. My goal for now is to just
> help out open source software by finding these and submitting
> information on it so they can be fixed. I know C, some assembly,
> C++ and a few other languages that I think might help, but I'm
> really not sure where you'd get started with something like this. I
> know about buffer overflows (and I have played with them a bit),
> but with the address randomization, there has to be many other ways
> out there. What is something I can start working with to be able to
> help out somewhere? I really want the experience that would come
> out of this sort of work.

Knowing how to work around security features such as ASLR (address
space layout randomization), stack cookies and DEP (data execution
prevention) would probably be a good start.

For ASLR I think this is the best reference:
http://netsec.cs.northwestern.edu/media/readings/defeating_aslr.pdf

DEP can be defeated using return into libc:
http://www.infosecwriters.com/text_resources/pdf/return-to-libc.pdf

Some stack cookie implementations are rather trivial to exploit. I
don't know if they are actually used. On my Ubuntu machine the stack
cookie is random and contains nulls and other nasty stuff. But not all
buffer overflows are on the stack, and sometimes you don't even have
to overwrite the return pointer. There may exist other stuff on the
stack before the cookie that is interesting to overwrite.

Also, there are other attack vectors, such as SQL injections, file
inclusion attacks, XSS, etc. which may apply more to web based software.

Good luck :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0IiV8ACgkQzDMeisFqGZaSmgCfWb83JieEuE9KJTt4mEcZnIDM
rroAoLgZ708kh5RfUT4u1XWO+dHu7nnN
=WcAe
-----END PGP SIGNATURE-----
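The point about "other stuff on the stack before the cookie" is easiest to see in code. The following is an added example, not code from the post or from any project it mentions. It assumes a hypothetical login handler whose local record is a struct with a 16-byte name field followed by an `is_admin` flag, and a constructed wire format of one length byte plus payload. Because the stack cookie sits beyond the whole struct (and the return address beyond that), an overflow that stops inside the struct flips the flag without ever touching the cookie; the bug modelled is the classic one of bounding a copy against the wrong size (the whole record instead of the name field).

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical login record (an assumption for this example). Struct
 * members are laid out in declaration order, so `is_admin` sits directly
 * after `name`. The compiler's stack cookie, if enabled, is placed after
 * the entire struct, so a write that ends inside the struct never reaches it. */
struct login {
    char name[16];
    int  is_admin;
};

/* Constructed wire format: pkt[0] = payload length, pkt[1..] = payload. */

/* Vulnerable handler: the length is checked against the packet and against
 * the whole record, but not against the 16-byte name field it is meant
 * to fill. Returns 1 if the caller ends up flagged as admin, 0 otherwise. */
int handle_login_vuln(const unsigned char *pkt, size_t pkt_len)
{
    struct login rec;
    size_t len;

    if (pkt_len < 1) return 0;
    len = pkt[0];
    if (len > pkt_len - 1) return 0;      /* fits in the packet ...          */
    if (len > sizeof rec) return 0;       /* ... and in the record (WRONG size) */

    memset(&rec, 0, sizeof rec);          /* is_admin starts out 0            */
    memcpy(&rec, pkt + 1, len);           /* BUG: 17..20 bytes spill into is_admin */
    return rec.is_admin != 0;
}

/* Hardened handler: bound the copy by the field actually being written and
 * keep room for a terminator. Returns -1 for a rejected packet. */
int handle_login_fixed(const unsigned char *pkt, size_t pkt_len)
{
    struct login rec;
    size_t len;

    if (pkt_len < 1) return -1;
    len = pkt[0];
    if (len > pkt_len - 1) return -1;
    if (len >= sizeof rec.name) return -1; /* correct bound: the name field */

    memset(&rec, 0, sizeof rec);
    memcpy(rec.name, pkt + 1, len);
    rec.name[len] = '\0';
    return rec.is_admin != 0;
}

/* Build the constructed attack packet: 16 filler bytes for `name`, then four
 * 0x01 bytes that land on `is_admin` (non-zero on any byte order). Returns
 * the packet length, or 0 if `cap` is too small. */
size_t build_admin_packet(unsigned char *out, size_t cap)
{
    const size_t payload = sizeof(((struct login *)0)->name) + sizeof(int);
    if (cap < 1 + payload) return 0;
    out[0] = (unsigned char)payload;
    memset(out + 1, 'A', 16);
    memset(out + 1 + 16, 0x01, sizeof(int));
    return 1 + payload;
}

/* Build a benign packet carrying the name "alice". Returns its length. */
size_t build_benign_packet(unsigned char *out, size_t cap)
{
    static const char name[] = "alice";
    size_t n = strlen(name);
    if (cap < 1 + n) return 0;
    out[0] = (unsigned char)n;
    memcpy(out + 1, name, n);
    return 1 + n;
}

int main(void)
{
    unsigned char evil[32], nice[32];
    size_t elen = build_admin_packet(evil, sizeof evil);
    size_t nlen = build_benign_packet(nice, sizeof nice);

    printf("benign  : vuln=%d fixed=%d\n",
           handle_login_vuln(nice, nlen), handle_login_fixed(nice, nlen));
    printf("overflow: vuln=%d fixed=%d\n",
           handle_login_vuln(evil, elen), handle_login_fixed(evil, elen));
    return 0;
}
```

Compile it with `-fstack-protector-all` and the overflow still flips `is_admin`, because the 20-byte write stops exactly where the struct ends; make the length byte larger and the same code would run into the cookie and abort, which is the behaviour the cookie is designed to catch. The lesson is the one in the reply: the cookie guards the return address, not every local that matters.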

