Tags » ASLR

20160906

1. 시스템 보안 개론
* SEH overwriting은 canary를 우회할 수 있다.

* gets(buf) 함수는 입력으로 들어오는 스트링의 크기를 확인하지 않는다는 문제가 있다. 입력 크기를 확인해서 문제를 해결할 수 있음. 117 more words

1) Memo

What Did I Just Do? Breaking Down The Shellcode Example.

Last post we got some shellcode to execute in the notesearch program from HTAE.  I basically followed what Jon Erickson did with some minor modifications to make the exploit work on the Debian-32 machine that I’ve been using.  949 more words

Hacking

Digging in the Heap

The Heap

The heap is another area of memory that a program in execution uses.  We have discussed it before and we know that it’s different from the stack because we may allocate it and free it during programming.  861 more words

Hacking The Art Of Exploitation

Stack Overflow Continued.

This time we are going to look at what happens when ASLR is left in place, and when we move to a 64 bit Debian distro. 1,904 more words

Hacking The Art Of Exploitation

VideoLAN Releases VLC Version 2.2.4

In early June the open source media player VLC created by the VideoLAN non-profit organization was updated to version 2.2.4.

This update is available for Linux, Apple Mac OS X and Windows. 127 more words

Security Advice

Tor coders harden the onion against surveillance

A nonet of security researchers are on the warpath to protect the Tor Browser from interfering busybodies.

Tor, short for The Onion Router, is a system that aims to help you be anonymous online by disguising where you are, and where you are heading. 1,099 more words

Featured

Evolution of Stack Based Buffer Overflows

On the 2nd November, 1988 the Morris Worm was the first blended threat affecting multiple systems on the Internet.  One of the things the worm did was to exploit a buffer overflow against the fingerd daemon due to the usage of gets() library function. 2,308 more words

Intrusion Analysis