Difference between revisions of "Riding the Overflow - Then and Now"

(Created page with " ''by Miroslav Stampar ;Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for F...")
 
 
(One intermediate revision by one user not shown)
Line 2: Line 2:
  
  
''by Miroslav Stampar
+
''by [[Miroslav Stampar]]
  
;Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for Fun and Profit" look like a distant past. Rules have changed in the last decade with introduction of security mechanisms such as: Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), NX (No eXecute)/XD (eXecute Disable)/XN (eXecute Never) bit(s), Stack Canaries, Structured Exception Handler Overwrite Protection (SEHOP), etc. In this talk popular security mechanisms will be presented together with respective counter-methods (if any) used by hackers to bypass them. Also, a small demonstration should be done accompanying the presentation.
+
;Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for Fun and Profit" look like a distant past. Rules have changed in the last decade with introduction of security mechanisms such as - Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), NX (No eXecute)/XD (eXecute Disable)/XN (eXecute Never) bit(s), Stack Canaries, Structured Exception Handler Overwrite Protection (SEHOP), etc. In this talk popular security mechanisms will be presented together with respective counter-methods (if any) used by hackers to bypass them. Also, a small demonstration should be done accompanying the presentation.

Latest revision as of 16:05, 4 August 2014


by Miroslav Stampar

Exploiting software vulnerability after finding one one has dramatically become harder, but still not impossible. Times of "Smashing the Stack for Fun and Profit" look like a distant past. Rules have changed in the last decade with introduction of security mechanisms such as - Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), NX (No eXecute)/XD (eXecute Disable)/XN (eXecute Never) bit(s), Stack Canaries, Structured Exception Handler Overwrite Protection (SEHOP), etc. In this talk popular security mechanisms will be presented together with respective counter-methods (if any) used by hackers to bypass them. Also, a small demonstration should be done accompanying the presentation.
Retrieved from "https://2k14.balccon.org/index.php?title=Riding_the_Overflow_-_Then_and_Now&oldid=658"