![vulnerability
http://en.wikipedia.org/wiki/Vulnerability_(computing)
In computer security, a vulnerability is a
weakness which allows an attacker to reduce a
system's information assurance. Vulnerability
is the intersection of three elements: a
system susceptibility or flaw, attacker access
to the flaw, and attacker capability to
exploit the flaw.[1] To exploit a
vulnerability, an attacker must have at least
one applicable tool or technique that can
connect to a system weakness. In this frame,
vulnerability is also known as the attack
surface](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-5-320.jpg)
![Exploitation [??? guys]
▪ Hunt vulnerabilities
– Write fuzzers, checkers, support tools …
– Use 0days for their own reasons, cyber weapons,
spying..
▪ Invent / copy methodologies
– Misuse hole in protection mechanism for attack!
– Do 0day business with 3rd party
– Keep their research private](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-7-320.jpg)
![Exploitation [good guys]
▪ Hunt vulnerabilities
– Write fuzzers, checkers, support tools …
– Report to vendors & Cooperate on fix
▪ Invent new methodologies
– To uncover weakness of current protection
mechanism
– Cooperate on effective mitigations
– Share research with community for faster
improvement](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-9-320.jpg)
![Algorithms [RP, Tvorba efekt. algo.]
▪ Most of times you will not re-implement binary trees,
fibonaci heaps, flow algo …
▪ But Algorithmic thinking helps you to find a way how to
effective solve given problems
▪ It learns you out-of-box thinking
▪ BUT, Can also push you to the corners!
▪ Always keep in mind : PERFORMANCE > SECURITY is very
*very* bad idea
▪ First think about design, later optimize!
https://www.topcoder.com/community/data-science/data-science-tutorials/](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-15-320.jpg)
![Design [Programovanie (3)]
▪ OOP is very effective way to build complex systems
▪ Reuse code, modularity, abstraction
▪ Keep clean code, descriptive naming, simple one purpose
functions
▪ Keep focus on language features, and its newest development!
▪ Design patterns can help /show you generalization of problem
▪ But design patterns are *not* solution for everything
▪ Think about design patterns and use them when it is
appropriate
▪ Good design leads to easier maintance, refactoring & review
https://sourcemaking.com/design_patterns http://www.stroustrup.com/C++11FAQ.htm](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-16-320.jpg)
![MEMORY & CPU [Principy pocitacov]
▪ Understand memory & cpu
– How are data stored
– Instructions – assembler
▪ X86, arm
▪ Understand “program->compiler->assembly”
– Variables
– Functions
– Loops & calls
https://www.recurse.com/blog/5-learning-c-with-gdb https://www.recurse.com/blog/7-understanding-c-by-learning
http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-17-320.jpg)
![SAT Solvers [FOJA, Algebra]
▪ Magic Blackbox with right answer
– Boolean Satisfiability Problem
▪ Based on Boolean algebra
▪ NP-complete , but some optimalization used
▪ Appropriate & smart formulation of problem (part of
problem), helps in fuzzers and explotation as well
▪ Competition of sat solvers!
http://www.quarkslab.com/dl/StHack2015-Dynamic-Behavior-
Analysis-using-Binary-Instrumentation-Jonathan-Salwan.pdf
https://github.com/0vercl0k/z3-
playground/blob/master/hackingweek-reverse400_z3.py
http://en.wikipedia.org/wiki/Boolean_satisfiability_problem http://www.satcompetition.org/](https://image.slidesharecdn.com/matfyz-softwaresecurity-150522124803-lva1-app6891/85/Software-Security-From-school-to-reality-and-back-18-320.jpg)
Software Security : From school to reality and back!
- 1. Software Security From school to reality and back!
- 2. #outline * terminology * hacker-hats * From school * tools * competitions * progress * references
- 3. Programing ? * Program : Transformation of question / task to math-logic problem * Code : Smart calculator based on sequences of reads and writes * Performance how smart you build logic of your calculator
- 4. hacker http://en.wikipedia.org/wiki/Hacker Hacker (term), is a term used in computing that can describe several types of persons 1. Hacker (computer security) someone who seeks and exploits weaknesses in a computer system or computer network 2. Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment 3. Hacker (programmer subculture), who combines excellence, playfulness, cleverness and exploration in performed activities
- 5. vulnerability http://en.wikipedia.org/wiki/Vulnerability_(computing) In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface
- 6. exploitation http://en.wikipedia.org/wiki/Exploit_(computer_security) An exploit (from the English verb to exploit, meaning "using something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause *UNINTENDED OR UNANTICIPATED BEHAVIOR* to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
- 7. Exploitation [??? guys] ▪ Hunt vulnerabilities – Write fuzzers, checkers, support tools … – Use 0days for their own reasons, cyber weapons, spying.. ▪ Invent / copy methodologies – Misuse hole in protection mechanism for attack! – Do 0day business with 3rd party – Keep their research private
- 8. What ??? do
- 9. Exploitation [good guys] ▪ Hunt vulnerabilities – Write fuzzers, checkers, support tools … – Report to vendors & Cooperate on fix ▪ Invent new methodologies – To uncover weakness of current protection mechanism – Cooperate on effective mitigations – Share research with community for faster improvement
- 10. What good guys do
- 12. Attack chain • Social engineering • Vulnerability Attack vector : • Killing 0days proactive solution! Prevent to automatic install malware • Cure after- effects Dissecting malware If proactive fails Targeted attack here won already!
- 13. Aftermath Low hanging fruits Poping calcs Good luck …
- 14. ... It is all about bugs ... ▪ We are humans and making mistakes ▪ Many bugs in code, especially in large codebase ▪ OS introduce many defensive mechanism for effective mitigating techniques for exploiting bugs ▪ What every programmer should know – Algorithms – Designs problems & principles – CPU & Memory (& at least basic understanding of your compiler) – vulnerability classes – mitigation techniques – auditing tools
- 15. Algorithms [RP, Tvorba efekt. algo.] ▪ Most of times you will not re-implement binary trees, fibonaci heaps, flow algo … ▪ But Algorithmic thinking helps you to find a way how to effective solve given problems ▪ It learns you out-of-box thinking ▪ BUT, Can also push you to the corners! ▪ Always keep in mind : PERFORMANCE > SECURITY is very *very* bad idea ▪ First think about design, later optimize! https://www.topcoder.com/community/data-science/data-science-tutorials/
- 16. Design [Programovanie (3)] ▪ OOP is very effective way to build complex systems ▪ Reuse code, modularity, abstraction ▪ Keep clean code, descriptive naming, simple one purpose functions ▪ Keep focus on language features, and its newest development! ▪ Design patterns can help /show you generalization of problem ▪ But design patterns are *not* solution for everything ▪ Think about design patterns and use them when it is appropriate ▪ Good design leads to easier maintance, refactoring & review https://sourcemaking.com/design_patterns http://www.stroustrup.com/C++11FAQ.htm
- 17. MEMORY & CPU [Principy pocitacov] ▪ Understand memory & cpu – How are data stored – Instructions – assembler ▪ X86, arm ▪ Understand “program->compiler->assembly” – Variables – Functions – Loops & calls https://www.recurse.com/blog/5-learning-c-with-gdb https://www.recurse.com/blog/7-understanding-c-by-learning http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
- 18. SAT Solvers [FOJA, Algebra] ▪ Magic Blackbox with right answer – Boolean Satisfiability Problem ▪ Based on Boolean algebra ▪ NP-complete , but some optimalization used ▪ Appropriate & smart formulation of problem (part of problem), helps in fuzzers and explotation as well ▪ Competition of sat solvers! http://www.quarkslab.com/dl/StHack2015-Dynamic-Behavior- Analysis-using-Binary-Instrumentation-Jonathan-Salwan.pdf https://github.com/0vercl0k/z3- playground/blob/master/hackingweek-reverse400_z3.py http://en.wikipedia.org/wiki/Boolean_satisfiability_problem http://www.satcompetition.org/
- 19. bugs & bugs http://www.sublimetext.com/ http://en.wikipedia.org/wiki/Buffer_overflow
- 20. CODE : Bubble sort ? http://www.vim.org/ https://inguma.eu/projects/bokken
- 21. VULNERABILITY Bubble sort ! As signed numbers can represent NEGATIVE numbers, they lose a range of positive numbers that can only be represented with unsigned numbers of the same size (in bits) because roughly half the possible values are non-positive values (so if an 8- bit is signed, positive unsigned values 128 to 255 are gone while -128 to 127 are present). Unsigned variables can dedicate all the possible values to the positive number range.https://www.visualstudio.com/ en-us/products/visual-studio- community-vs.aspx
- 23. Some of hardening Stack canaries Memory allocation randomiza tion Memory object separation DEP i want exec Those are data
- 24. How to Start … tools, competitions …
- 25. IDE (+ plugins!) programming environment • Visual Studio 2013 (community edition) • Vim • Sublime
- 26. REVERSE ENGENEERING • bokken • windbg • gdb (lldb)
- 27. Virtual machine + emulators • Virtual Box • Bochsd • Qemu
- 28. Additional tools (win) • ConEmu (far manager) • Hiew • cygwin
- 29. Additional tools • Z3 • Capstone • Git • Process explorer
- 32. Final words … advices, references …
- 33. SELF – learning For ever and ever best approach *DO SPORT* Keep balanced body and mind essential for creative ideas ;) HARDwork Push 110% to everything in your life (learning, sport, work, study, …)
- 34. #whoami * Peter Hlavaty - @zer0mem * GJH (2004-2008) * Matfyz (2008-2010) * ESET (2010-2014) * KEEN (2014-…) * Conferences (…) * Lectures (…) * Pwn Events (...) Feel free to ContacT me I will try to help (with some delay +- :)
- 35. tweets ▪ @aionescu ▪ @Ivanlef0u ▪ @K33nTeam ▪ @binitamshah ▪ @taviso ▪ @team509 ▪ @mdowd ▪ @d_olex ▪ @grsecurity ▪ @kernelpool ▪ @gynvael ▪ @j00ru ▪ @lcamtuf ▪ @0verl0ck ▪ @matrosov ▪ @vxradius ▪ @trimosx ▪ @solardiz
- 36. References - tools editor: http://www.vim.org/ https://www.visualstudio.com/en-us/ products/visual-studio-community-vs.aspx http://www.sublimetext.com/ re : https://inguma.eu/projects/bokken http://www.radare.org/r/ http://www.capstone-engine.org/ http://www.windbg.org/ https://msdn.microsoft.com/en- us/library/windows/hardware/ff551063(v=vs.85) .aspx http://www.gnu.org/software/gdb/ http://lldb.llvm.org/ virtual : https://www.virtualbox.org/ http://bochs.sourceforge.net/ http://wiki.qemu.org/Main_Page tools: http://www.farmanager.com/ http://www.hiew.ru/ http://conemu.github.io/ https://www.cygwin.com/ https://github.com/Z3Prover/z3 http://rise4fun.com/z3/tutorial http://www.capstone-engine.org/ https://github.com/ https://technet.microsoft.com/sk- sk/sysinternals/bb896653