Security Basics mailing list archives
Re: exploit detection?
From: Robert Larsen <robert () the-playground dk>
Date: Wed, 15 Dec 2010 10:24:47 +0100
On 2010-12-14 20:13, Littlefield, Tyler wrote:

> Hello all, I would like to start playing with this, though I am really not sure where to get started. My goal for now is to just help out open source software by finding these and submitting information on it so they can be fixed. I know C, some assembly, C++ and a few other languages that I think might help, but I'm really not sure where you'd get started with something like this. I know about buffer overflows (and I have played with them a bit), but with the address randomization, there has to be many other ways out there. What is something I can start working with to be able to help out somewhere? I really want the experience that would come out of this sort of work.
Knowing how to work around security features such as ASLR (address space layout randomization), stack cookies and DEP (data execution prevention) would probably be a good start.

For ASLR I think this is the best reference: http://netsec.cs.northwestern.edu/media/readings/defeating_aslr.pdf

DEP can be defeated using return-into-libc: http://www.infosecwriters.com/text_resources/pdf/return-to-libc.pdf

Some stack cookie implementations are rather trivial to exploit. I don't know if they are actually used. On my Ubuntu machine the stack cookie is random and contains nulls and other nasty stuff. But not all buffer overflows are on the stack, and sometimes you don't even have to overwrite the return pointer. There may exist other stuff on the stack before the cookie that is interesting to overwrite.

Also, there are other attack vectors, such as SQL injections, file inclusion attacks, XSS, etc. which may apply more to web-based software.

Good luck :-)
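The reply names three mitigations (ASLR, stack cookies, DEP). A first practical step when auditing or building a binary is to check whether it actually carries them. The following is an added example, not code from the list or from either poster: it parses ELF64 headers with Python's `struct` module to report PIE (required for ASLR to randomize the main image), a non-executable stack (the `PT_GNU_STACK` flags) and, as a heuristic in the style of checksec, the presence of the `__stack_chk_fail` symbol name; the two ELF images it inspects are constructed inline.

```python
"""Report PIE / NX-stack / stack-cookie status for an ELF64 image.
Added example for this thread; the ELF images below are constructed."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551   # program header that records stack permissions
PF_X = 0x1                  # executable flag in p_flags
PHDR_SIZE = 56              # size of one ELF64 program header


def hardening_report(data: bytes) -> dict:
    """Return {'pie': bool, 'nx': bool, 'canary': bool} for ELF64 bytes."""
    if data[:4] != b"\x7fELF" or data[4] != 2:  # EI_CLASS 2 = 64-bit
        raise ValueError("not an ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # NX: a PT_GNU_STACK header without PF_X. If the header is missing the
    # loader falls back to an executable stack, so that also counts as weak.
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,                 # ET_DYN executable => PIE
        "nx": nx,
        "canary": b"__stack_chk_fail" in data,   # heuristic symbol-name check
    }


def build_elf(e_type: int, stack_flags: int, extra: bytes = b"") -> bytes:
    """Construct a minimal ELF64 image with a single PT_GNU_STACK header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, PHDR_SIZE, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + extra


# Constructed samples: a hardened PIE with RW stack and cookies, and a
# fixed-address binary with an RWX stack and no cookie symbol.
HARDENED = build_elf(ET_DYN, 0x6, b"__stack_chk_fail\0")
WEAK = build_elf(ET_EXEC, 0x7)

if __name__ == "__main__":
    for name, img in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, hardening_report(img))
```

Running it on a real binary is `hardening_report(open(path, "rb").read())`; a `False` in any column is a hint that the matching mitigation the reply mentions is absent.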
Current thread:
- exploit detection? Littlefield, Tyler (Dec 14)
- Re: exploit detection? Steven Steveo Gmail (Dec 16)
- Re: exploit detection? Robert Larsen (Dec 16)
- Re: exploit detection? Ivan Jedek (Dec 17)
- Re: exploit detection? Ivan Jedek (Dec 17)