SlideShare a Scribd company logo

Exploit techniques and mitigation

Yaniv Shani, profile picture
Yaniv Shani

This document discusses various exploit techniques such as stack overflow, heap overflow, and return oriented programming that leverage application vulnerabilities. It also covers mitigation techniques including stack protection, safeSEH, heap protection, data execution prevention, and address space layout randomization. The document recommends automated malware protection solutions that can protect against zero-day attacks as the most effective approach compared to anti-virus blacklists or sandboxing solutions.

Internet
1 of 18
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Techniques & Mi-ga-on Yaniv Shani
What is Exploit? A piece of so=ware that leverage an applica-on vulnerability to cause unintended applica-on behavior
Exploits Techniques •  Stack overflow •  SEH frame overwrite •  Heap overflow •  Ret2LibC •  Return Oriented Programing •  JIT Spraying •  Bypass the Sandbox Model
Stack overflow Overwrite the the return address on the stack with a pointer to some malicious shell code
SEH Frame overwrite Override the SEH records to jump to the shellcode
Heap overflow •  Overwrite the allocated buffer internal linked list pointers. •  Use the resul=ng pointer exchange to overwrite program counter.
•  Change the return address on the stack to a known func=on in a shared library •  Doesn’t include shellcode Ret2LibC
Return Oriented Programing •  Form Gadgets by combine various instruc-ons. •  Gadget perform high-level ac-on •  i.e VirtualAlloc(), SetProcessDEPPolicy()
JIT Spraying •  Make use of the fact that JIT compiler generated executable code at run=me •  Spraying NOP slides, XOR and shellcode into memory
Bypass the Sandbox Model •  Bypass the security mechanism •  Enable untrusted applica-on an access to underlying system resources.
Mi-ga-on techniques •  Stack Protec-on •  SafeSEH •  Heap Protec-on •  DEP •  ASLR
Stack Protec-on •  Add Canary before stack return pointer •  Check Canary & terminate on mismatch
SafeSEH •  A Link =me op=on that generate a table with all SEH that will be used by the program
Heap Protec-on •  Unlink check •  Entry header cookie •  Pointer encoding •  Randomized meta data and base address
Data Execu-on Preven-on •  Preven=ng applica=on from execu=ng code from non-executable memory region
Address Space Layout Randomiza-on •  Randomly arranging the posi=on of key data area (heap, stack, exec. , library space).
Malware Protec=on Solu=on •  An=-Virus: Black list of file signature. •  Only effec=ve against known threads •  Whitelis=ng and Sandboxing solu=on •  Hard to implement •  Require consistent maintenance •  Stateful applica=on control •  Automated malware protec=on •  Protect from zero day aZack
Thank You

More Related Content

PDF
Low Level Exploits
hughpearse
 
PDF
127 Ch 2: Stack overflows on Linux
Sam Bowne
 
PDF
CNIT 127: Ch 8: Windows overflows (Part 2)
Sam Bowne
 
PDF
CNIT 127: 4: Format string bugs
Sam Bowne
 
PDF
Perl Dist::Surveyor 2011
Tim Bunce
 
PDF
CNIT 127: Ch 8: Windows overflows (Part 1)
Sam Bowne
 
PDF
Introduce to Terraform
Samsung Electronics
 
PDF
Tp install anything
Alessandro Franceschi
 
Low Level Exploits
hughpearse
 
127 Ch 2: Stack overflows on Linux
Sam Bowne
 
CNIT 127: Ch 8: Windows overflows (Part 2)
Sam Bowne
 
CNIT 127: 4: Format string bugs
Sam Bowne
 
Perl Dist::Surveyor 2011
Tim Bunce
 
CNIT 127: Ch 8: Windows overflows (Part 1)
Sam Bowne
 
Introduce to Terraform
Samsung Electronics
 
Tp install anything
Alessandro Franceschi
 

What's hot (20)

PDF
CNIT 126 13: Data Encoding
Sam Bowne
 
PDF
[네이버오픈소스세미나] What’s new in Zipkin - Adrian Cole
NAVER Engineering
 
PDF
Preview of Terraform 0.12 + modules.tf - Kiev HUG meetup
Anton Babenko
 
PDF
Internship final report@Treasure Data Inc.
Ryuichi ITO
 
PPTX
Terraform day1
Gourav Varma
 
PDF
0.5mln packets per second with Erlang
Maxim Kharchenko
 
PDF
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Elvin Gentiles
 
PDF
EKON 24 ML_community_edition
Max Kleiner
 
PDF
Reverse engineering - Shellcodes techniques
Eran Goldstein
 
PDF
CNIT 126 5: IDA Pro
Sam Bowne
 
ODP
LD_PRELOAD Exploitation - DC9723
Iftach Ian Amit
 
KEY
The Why and How of Scala at Twitter
Alex Payne
 
PDF
Recursion & Erlang, FunctionalConf 14, Bangalore
Bhasker Kode
 
PPTX
Flink history, roadmap and vision
Stephan Ewen
 
PPTX
0.5mln packets per second with Erlang
Maxim Kharchenko
 
PPTX
06 - ELF format, knowing your friend
Alexandre Moneger
 
PDF
Terraform modules and (some of) best practices
Anton Babenko
 
PDF
Make static instrumentation great again, High performance fuzzing for Windows...
Lucas Leong
 
PDF
Going FaaSter, Functions as a Service at Netflix
Yunong Xiao
 
PPT
Buffer Overflows
Sumit Kumar
 
CNIT 126 13: Data Encoding
Sam Bowne
 
[네이버오픈소스세미나] What’s new in Zipkin - Adrian Cole
NAVER Engineering
 
Preview of Terraform 0.12 + modules.tf - Kiev HUG meetup
Anton Babenko
 
Internship final report@Treasure Data Inc.
Ryuichi ITO
 
Terraform day1
Gourav Varma
 
0.5mln packets per second with Erlang
Maxim Kharchenko
 
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)
Elvin Gentiles
 
EKON 24 ML_community_edition
Max Kleiner
 
Reverse engineering - Shellcodes techniques
Eran Goldstein
 
CNIT 126 5: IDA Pro
Sam Bowne
 
LD_PRELOAD Exploitation - DC9723
Iftach Ian Amit
 
The Why and How of Scala at Twitter
Alex Payne
 
Recursion & Erlang, FunctionalConf 14, Bangalore
Bhasker Kode
 
Flink history, roadmap and vision
Stephan Ewen
 
0.5mln packets per second with Erlang
Maxim Kharchenko
 
06 - ELF format, knowing your friend
Alexandre Moneger
 
Terraform modules and (some of) best practices
Anton Babenko
 
Make static instrumentation great again, High performance fuzzing for Windows...
Lucas Leong
 
Going FaaSter, Functions as a Service at Netflix
Yunong Xiao
 
Buffer Overflows
Sumit Kumar
 
Ad

Viewers also liked (20)

PPTX
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
securityxploded
 
PDF
Smashing The Stack
Daniele Bellavista
 
PPTX
Introduction to Linux Exploit Development
johndegruyter
 
PPT
Introduction to pointers and memory management in C
Uri Dekel
 
PPT
Debugging Applications with GNU Debugger
Priyank Kapadia
 
PPTX
How Functions Work
Saumil Shah
 
PDF
Insecure coding in C (and C++)
Olve Maudal
 
PDF
Ctf hello,world!
Hacks in Taiwan (HITCON)
 
PDF
Basic of Exploitation
Jongseok Choi
 
PPTX
Secure 360 adversary simulation
Chris Hernandez
 
PDF
DbiFuzz framework #ZeroNights E.0x03 slides
Peter Hlavaty
 
PPT
Reliable Windows Heap Exploits
amiable_indian
 
PDF
Exploit development 101 - Part 1 - Null Singapore
Mohammed A. Imran
 
PPTX
Racing with Droids
Peter Hlavaty
 
PPTX
Power of linked list
Peter Hlavaty
 
PPTX
How2heap
Seonghwan Cho
 
PPTX
Tersine Mühendislik 101
Fatih Erdoğan
 
PDF
Attacking the Webkit heap [Or how to write Safari exploits]
Seguridad Apple
 
PPTX
How Safe is your Link ?
Peter Hlavaty
 
PPTX
You didnt see it’s coming? "Dawn of hardened Windows Kernel"
Peter Hlavaty
 
Reversing & Malware Analysis Training Part 4 - Assembly Programming Basics
securityxploded
 
Smashing The Stack
Daniele Bellavista
 
Introduction to Linux Exploit Development
johndegruyter
 
Introduction to pointers and memory management in C
Uri Dekel
 
Debugging Applications with GNU Debugger
Priyank Kapadia
 
How Functions Work
Saumil Shah
 
Insecure coding in C (and C++)
Olve Maudal
 
Ctf hello,world!
Hacks in Taiwan (HITCON)
 
Basic of Exploitation
Jongseok Choi
 
Secure 360 adversary simulation
Chris Hernandez
 
DbiFuzz framework #ZeroNights E.0x03 slides
Peter Hlavaty
 
Reliable Windows Heap Exploits
amiable_indian
 
Exploit development 101 - Part 1 - Null Singapore
Mohammed A. Imran
 
Racing with Droids
Peter Hlavaty
 
Power of linked list
Peter Hlavaty
 
How2heap
Seonghwan Cho
 
Tersine Mühendislik 101
Fatih Erdoğan
 
Attacking the Webkit heap [Or how to write Safari exploits]
Seguridad Apple
 
How Safe is your Link ?
Peter Hlavaty
 
You didnt see it’s coming? "Dawn of hardened Windows Kernel"
Peter Hlavaty
 
Ad

Similar to Exploit techniques and mitigation (20)

PPTX
Building a REST API Microservice for the DevNet API Scavenger Hunt
Ashley Roach
 
PDF
How to Reverse Engineer Web Applications
Jarrod Overson
 
PPTX
Refactoring tools for Perl code
Dagfinn Reiersøl
 
PDF
To ∞ (~65K) and beyond! - Sebastiano Gottardo - Codemotion Milan 2016
Codemotion
 
PDF
Reactive Cocoa Lightning Talk
M. Robert Spryn
 
PDF
Sitecore development approach evolution – destination helix
Peter Nazarov
 
PPTX
Hyperloglog Lightning Talk
Simon Prickett
 
PDF
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
PDF
Intro to CakePHP
Walther Lalk
 
PPTX
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
seleniumconf
 
PDF
Writing Code to Work Against any Salesforce Object
Salesforce Developers
 
PDF
Apigility-powered API's on IBM i
chukShirley
 
PDF
Tool Up Your LAMP Stack
Lorna Mitchell
 
PDF
Tool up your lamp stack
AgileOnTheBeach
 
PPTX
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON
 
PDF
Jenkins vs. AWS CodePipeline (AWS User Group Berlin)
Steffen Gebert
 
PPTX
Java Core | JavaFX 2.0: Great User Interfaces in Java | Simon Ritter
JAX London
 
PPT
Code igniter overview
umesh patil
 
PDF
Cocoapods in action
Han Qin
 
PPTX
CT Software Developers Meetup: Using Docker and Vagrant Within A GitHub Pull ...
E. Camden Fisher
 
Building a REST API Microservice for the DevNet API Scavenger Hunt
Ashley Roach
 
How to Reverse Engineer Web Applications
Jarrod Overson
 
Refactoring tools for Perl code
Dagfinn Reiersøl
 
To ∞ (~65K) and beyond! - Sebastiano Gottardo - Codemotion Milan 2016
Codemotion
 
Reactive Cocoa Lightning Talk
M. Robert Spryn
 
Sitecore development approach evolution – destination helix
Peter Nazarov
 
Hyperloglog Lightning Talk
Simon Prickett
 
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Intro to CakePHP
Walther Lalk
 
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
seleniumconf
 
Writing Code to Work Against any Salesforce Object
Salesforce Developers
 
Apigility-powered API's on IBM i
chukShirley
 
Tool Up Your LAMP Stack
Lorna Mitchell
 
Tool up your lamp stack
AgileOnTheBeach
 
44CON 2014 - Pentesting NoSQL DB's Using NoSQL Exploitation Framework, Franci...
44CON
 
Jenkins vs. AWS CodePipeline (AWS User Group Berlin)
Steffen Gebert
 
Java Core | JavaFX 2.0: Great User Interfaces in Java | Simon Ritter
JAX London
 
Code igniter overview
umesh patil
 
Cocoapods in action
Han Qin
 
CT Software Developers Meetup: Using Docker and Vagrant Within A GitHub Pull ...
E. Camden Fisher
 

Recently uploaded (20)

PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PDF
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 

Exploit techniques and mitigation