Buffer Overflows
Zur Navigation springen
Zur Suche springen
Veranstaltung | |
---|---|
Titel | Buffer Overflows |
Untertitel | |
Termin | |
Ort | |
Thema | |
Vortragende(r) | |
Referent(inn)en: | Sven, Carsten Grohmann und Caldrin |
Links | |
C3D2 Webseite | |
Thema | siehe unten |
Folien |
Gliederung
- Speicherlayout
- Klassische stackbasierte Angriffe
- Framepointer overwrite
- BSS-Overflow
- Heap-Overflow
Link-Sammlung (Allgemein)
Audit-Tools
- Splint (C)
- RATS Rough Auditing Tool for Security (C, C++, PHP, Perl & Python)
- Flawfinder (C/C++)
- ITS4 (C/C++)
- PScan (C)
- ElectricFence - malloc() debugger
- CodeWizard (commercial)
Exploit-Programmierung
- Smashing the Stack for fun and Profit
- w00w00 on Heap Overflows
- How to write remote exploits
- Non-Stack Overflows on Windows
- Defeating Microsoft Windows 2003 Stack Protection
- Variations in Exploit methods between Linux and Windows
- Exploitation of UNICODE Buffer Overflows
- Windows 2000 Format String Vulnerabilities
- Buffer Overflows on SPARC Architecture
- Buffer Overflows for Beginner
- Frame Pointer Overwrite
- Exploiting Non-adjacent Memory Spaces
- Howto remotely and automatically exploit a format bug
- Advanced Doug Lea's malloc exploits
- Bypassing Stackguard and Stackshield
- Exploiting Format String Vulnerabilities
- Once upon a free()...
- The advanced return-into-lib(c) exploits
- Buffer overflow exploit in the alpha linux
- Howto write Buffer Overflows
Protection
- Static Analysis
- A first step towards automated detection of buffer overrun vulnerabilities
- Cleanness Checking of String Manipulations in C Programs via Integer Analysis
- Statically detecting likely buffer overflow vulnerabilities
- Detecting heap smashing attacks through fault containment wrappers
- Accurate Buffer Overflow Detection via Abstract Payload Execution
- A Comparison of Publicly Available Tools for Static Intrusion Prevention
- CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C
- Protecting C Programs from Attacks via Invalid Pointer Dereferences
- A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks
- Static Analysis of Executables to Detect Malicious Patterns
- Address Obfuscation: An Approach to Combat Buffer Overflows, Format-String Attacks, and More
- Compiler Patches
- Adding run-time checking to the portable c compiler
- Protecting from stack smashing attacks
- Bounds Checking for C
- StackGuard: Automatic adaptive detection and prevention of buffer overflowattacks
- Stack Shield: A "stack smashing" technique protection tool for linux
- Rad: A compiletime solution to buffer overflow attacks
- GCC extension for protecting applications from stack-smashing attacks
- Protecting pointers from buffer overflow vulnerabilities
- C Library Patches
- Kernel / OS Patches
Shellcode
- Polymorphic Shellcode Engine
- The Art of Writing Shellcode
- Designing Shellcode Demystified
- Building IA32 'Unicode-Proof' Shellcodes