Linux Forensics. Newbug Tseng Oct
2 Contents
  Are u ready
  Go
  Real World Exploit
  Attack
  Detect
3 Are u ready
4 Linux File Permission
  OWNER   GROUP   OTHER
  R W X   R W X   R W X
  SUID on execution  4000  (shown as s in the owner X position)
  SGID on execution  2000  (shown as s in the group X position)
  Sticky bit         1000  (shown as t in the other X position)
5 File Information (man 2 stat)
  struct stat {
      dev_t     st_dev;     /* device */
      ino_t     st_ino;     /* inode */
      mode_t    st_mode;    /* protection */
      nlink_t   st_nlink;   /* number of hard links */
      uid_t     st_uid;     /* user ID of owner */
      gid_t     st_gid;     /* group ID of owner */
      dev_t     st_rdev;    /* device type (if inode device) */
      off_t     st_size;    /* total size, in bytes */
      blksize_t st_blksize; /* blocksize for filesystem I/O */
      blkcnt_t  st_blocks;  /* number of blocks allocated */
      time_t    st_atime;   /* time of last access */
      time_t    st_mtime;   /* time of last modification */
      time_t    st_ctime;   /* time of last status change */
  };
6 Go
7 Exploit
  Exploit: 1. A way of breaking into a system. 2. An exploit takes advantage of a weakness in a system in order to hack it.
8 Memory Layout Memory layout of a linux process
9 Stack Layout (diagram: a typical stack region, low memory to high memory)
10 Stack Overflow
11 Stack Overflow (cont.)
12 Stack Overflow (cont.) (diagram: before overflow / after overflow)
13 Assembly Registers (Intel x86)
  32 bits        EAX  EBX  ECX  EDX
  16 bits        AX   BX   CX   DX
  8 bits (high)  AH   BH   CH   DH
  8 bits (low)   AL   BL   CL   DL
14 Assembly (cont.)
  MOV   move a value into a register (AT&T syntax, source first): mov $0x4, %al ; mov %eax, %ebx
  PUSH  put a value on the stack
  POP   get a value from the stack and store it in a register or in a variable
  INT   interrupt call: int $0x80 gives control to the kernel (the 32-bit Linux system call entry)
15 Shellcode
16 Shellcode (cont.)
17 Shellcode (cont.)
18 Shellcode (cont.)
19 Shellcode (cont.)
  Find the system call number:
    grep write /usr/include/asm/unistd.h
    #define __NR_write 4
  (these numbers are the 32-bit x86 table; x86-64 has its own table, where write is 1)
  Find the system call arguments:
    ssize_t write(int fd, const void *buf, size_t count);
  Register mapping for int $0x80:
    eax == write syscall number (4)
    ebx == fd
    ecx == address of buf
    edx == count (write length)
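The register mapping on the slide, exercised from C as an added example (not the deck's own shellcode). On 32-bit x86 the function loads eax/ebx/ecx/edx exactly as listed and traps with int $0x80; on any other architecture it falls back to libc's syscall(2) wrapper so the same program still runs. The pipe round-trip and the -EBADF check are there so the result can be verified without a terminal.

```c
/* rawwrite.c: write(2) invoked register by register, as shellcode does.
   Added example, not from the slides. Compile:
   cc -std=gnu11 -Wall rawwrite.c -o rawwrite   (add -m32 for the int $0x80 path) */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* raw_write: bypass the libc wrapper.
   32-bit x86: eax = __NR_write (4), ebx = fd, ecx = buf, edx = count,
   then int $0x80; the kernel leaves the result (or -errno) in eax.
   Elsewhere: syscall(2) does the marshalling for the host ABI (on x86-64
   the number is 1 and the registers are rax/rdi/rsi/rdx, so 32-bit
   shellcode does not port by swapping the trap instruction alone). */
long raw_write(int fd, const void *buf, size_t count)
{
    long ret;
#if defined(__i386__)
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)
                      : "a"(SYS_write), "b"(fd), "c"(buf), "d"(count)
                      : "memory");
#else
    ret = syscall(SYS_write, fd, buf, count);
    if (ret < 0) ret = -errno;          /* match the raw kernel convention */
#endif
    return ret;
}

/* write_roundtrip: push msg through a pipe with raw_write and read it back.
   Returns the kernel's return value; the bytes read back land
   NUL-terminated in out. */
long write_roundtrip(const char *msg, char *out, size_t outlen)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    long n = raw_write(p[1], msg, strlen(msg));
    close(p[1]);
    ssize_t r = read(p[0], out, outlen - 1);
    close(p[0]);
    if (r < 0) return -1;
    out[r] = '\0';
    return n;
}

int main(void)
{
    char back[64];
    long n = write_roundtrip("hello via the write syscall\n", back, sizeof back);
    printf("kernel returned %ld, read back: %s", n, back);
    /* a bad descriptor comes back as -EBADF in eax, not as -1 plus errno */
    printf("write on fd -1 returns %ld (-EBADF is %d)\n", raw_write(-1, "x", 1), -EBADF);
    return 0;
}
```

Running the 32-bit build under `strace -e trace=write` shows the trap exactly as the shellcode on the next slides will issue it; note that the libc fallback never reaches int $0x80, which is why the example reports the raw -errno convention itself.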
20 Shellcode (cont.)
21 Shellcode (cont.)
22 Shellcode (cont.)
23 Simple Exploit
24 Simple Exploit (cont.)
25 Simple Exploit (cont.)
  General overflow techniques: 1. Stack based. 2. Heap based. 3. Format string.
26 Simple Exploit (cont.)
  Bypass techniques (for a non-executable stack): 1. ret-into-libc. 2. etc.
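The stack-based case from the list above, as an added example that is not from the deck: the unbounded strcpy() pattern that produces the "before/after overflow" picture, next to a bounded replacement that rejects rather than silently truncates. The Samba bug on a later slide has the same shape (a StrnCpy whose length the client controls). The buffer size and the compile flags are assumptions for a lab build.

```c
/* vuln.c: stack-based overflow beside its bounded form. Added example, not
   from the slides. To reproduce the slides' picture build with the modern
   protections off (needs 32-bit libraries):
   cc -m32 -fno-stack-protector -z execstack -no-pie vuln.c -o vuln */
#include <stdio.h>
#include <string.h>

#define BUFSZ 64

/* vulnerable: strcpy() stops at the NUL byte, not at the end of buf, so any
   input of BUFSZ bytes or more runs past buf into the saved frame pointer
   and the saved return address above it. Calling it with such input is
   undefined behaviour; the payload length decides what gets overwritten. */
void vulnerable(const char *input)
{
    char buf[BUFSZ];
    strcpy(buf, input);            /* no bound */
    printf("copied %zu bytes\n", strlen(buf));
}

/* hardened: refuse input that does not fit instead of truncating silently,
   because silent truncation hides the bug from testing.
   Returns 0 on success, -1 if the input would not fit. */
int hardened(const char *input, char *dst, size_t dstsz)
{
    size_t n = strlen(input);
    if (dstsz == 0 || n >= dstsz) return -1;
    memcpy(dst, input, n + 1);     /* n+1 includes the terminating NUL */
    return 0;
}

/* overflow_bytes: how many bytes past the end of a BUFSZ buffer this input
   would write (0 if it fits). Handy when sizing a test payload. */
size_t overflow_bytes(const char *input)
{
    size_t need = strlen(input) + 1;
    return need > BUFSZ ? need - BUFSZ : 0;
}

int main(int argc, char **argv)
{
    char dst[BUFSZ];
    const char *in = argc > 1 ? argv[1] : "short input";
    if (hardened(in, dst, sizeof dst) == 0)
        printf("hardened: ok (%s)\n", dst);
    else
        printf("hardened: rejected, would overflow by %zu bytes\n", overflow_bytes(in));
    if (overflow_bytes(in) == 0)
        vulnerable(in);            /* only safe to call when the input fits */
    return 0;
}
```

With ASLR on, the saved return address moves between runs; the classic exploit on the following slides assumes it was disabled (`/proc/sys/kernel/randomize_va_space` set to 0) and that the stack is executable, which is what the compile flags above recreate.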
27 Real World Exploit
28 Cdrecord Problem Description: Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges.
29 Cdrecord (cont.)
30 Samba
  Problem Description: an anonymous user can gain remote root access due to a buffer overflow vulnerability caused by a StrnCpy() into a character array fname using a non-constant length namelen (line 252 of smbd/trans2.c):
    StrnCpy(fname, pname, namelen);
31 Samba (cont.)
32 Samba (cont.)
33 Samba (cont.)
34 Ptrace/kmod
  Problem Description: When a process requests a feature which is in a module, the kernel spawns a child process, sets its euid and egid to 0 and calls execve("/sbin/modprobe"). The problem is that before the euid change the child process can be attached to with ptrace(). Game over: the user can insert any code into a process which will be run with superuser privileges.
35 Ptrace/kmod (cont.)
36 Ptrace/kmod (cont.)
37 mremap Problem Description A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check.
38 mremap (cont.)
39 Attack
40 Before Attack
  Lock on target / just attack
  Collect information
  Vulnerability scan (nessus / nmap etc.)
  Remote service attack (gain shell / DoS)
41 DNS Zone Transfer
42 Whois
43 Nmap
44 Nessus
45 Nessus (cont.)
46 Nessus (cont.)
47 Nessus (cont.)
48 Nessus (cont.)
49 After Local 0wn3d
  Password save / crack
  Hide yourself
  Backdoor
  Find sensitive information
  Find the way to the intranet
  Find other targets
  Etc.
50 Rip the password
51 Hide Yourself
52 Hide Yourself (cont.)
53 Hide Yourself (cont.)
54 Hide Yourself (cont.)
55 Hide Yourself (cont.) Others: all logs in /var/log
56 B4ckd00r Suid Shell
57 B4ckd00r (cont.)
58 B4ckd00r (cont.) Bind Port
59 B4ckd00r (cont.)
60 B4ckd00r (cont.) Reverse connection backdoor
61 B4ckd00r (cont.)
62 B4ckd00r (cont.) Kernel b4ckd00r adore
63 B4ckd00r (cont.)
64 B4ckd00r (cont.)
65 B4ckd00r (cont.)
66 B4ckd00r (cont.)
67 B4ckd00r (cont.) Others (icmp / telnetd / xinetd / portmap etc.)
68 Sniffer: NIC turned to promiscuous mode
69 Detect
70 DETECT: User Indications
  Failed log-in attempts
  Log-ins to accounts that have not been used for an extended period of time
  Log-ins during non-working hours
  The presence of new user accounts that were not created by the system administrator
  su entries or logins from strange places, as well as repeated failed attempts
71 DETECT: System Indications
  Modifications to system software and configuration files
  Gaps in system accounting that indicate that no activity has occurred for a long period of time
  Unusually slow system performance
  System crashes or reboots
  Short or incomplete logs
  Logs containing strange timestamps
  Logs with incorrect permissions or ownership
  Missing logs
  Abnormal system performance
  Unfamiliar processes
  Unusual graphic displays or text messages
72 Netstat SYN scan
73 IPLog
  What is IPLog? iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic.
  Needed packages: libpcap
74 IPLog (cont.) Install
75 IPLog (cont.) Nmap SYN scan
76 IPLog (cont.) Nmap FIN scan
77 IPLog (cont.) Nmap Xmas scan
78 IPLog (cont.) Nmap null scan
79 IPLog (cont.) Nessus scan
80 Analyze logfiles ~/.bash_history
81 Analyze logfiles (cont.) /var/log/sudo.log
82 Analyze logfiles (cont.) /var/log/auth.log
83 Analyze logfiles (cont.) /var/log/messages
84 Analyze logfiles (cont.) /var/log/secure
85 Analyze logfiles (cont.) /var/log/xferlog
86 Analyze logfiles (cont.) /var/log/samba/*
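The "user indications" from the Detect slides, applied to auth.log/secure-style lines, as an added example that is not from the deck. It counts failed passwords per source, flags an accepted login that follows a burst of failures from the same source, flags accepted logins outside working hours, and counts su to root. The log lines are constructed (documentation IP ranges), and the working-hours window and failure threshold are assumptions to tune per site.

```c
/* authlog_check.c: detection rules over auth.log-style lines.
   Added example, not from the slides. Compile:
   cc -std=c11 -Wall authlog_check.c -o authlog_check */
#include <stdio.h>
#include <string.h>

#define MAX_SRC        64
#define WORK_START      8    /* assumed working hours: 08:00-18:00 local time */
#define WORK_END       18
#define FAIL_THRESHOLD  3    /* failures before a later success is flagged */

struct src { char ip[46]; int failures; int accepted_after_failures; };
struct report {
    struct src srcs[MAX_SRC]; int nsrc;
    int total_failures, offhours_logins, su_to_root;
};

static struct src *find_src(struct report *r, const char *ip)
{
    for (int i = 0; i < r->nsrc; i++)
        if (strcmp(r->srcs[i].ip, ip) == 0) return &r->srcs[i];
    if (r->nsrc == MAX_SRC) return NULL;
    struct src *s = &r->srcs[r->nsrc++];
    memset(s, 0, sizeof *s);
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    return s;
}

/* syslog prefix "Mar  3 02:14:07 host ...": the hour is the third field */
static int line_hour(const char *line)
{
    char mon[4]; int day, hour, min, sec;
    if (sscanf(line, "%3s %d %d:%d:%d", mon, &day, &hour, &min, &sec) != 5) return -1;
    return hour;
}

/* source_ip: the token after " from "; 0 on success, -1 if absent */
static int source_ip(const char *line, char ip[46])
{
    const char *p = strstr(line, " from ");
    if (!p || sscanf(p + 6, "%45s", ip) != 1) return -1;
    return 0;
}

void analyze_line(struct report *r, const char *line)
{
    char ip[46];
    int hour = line_hour(line);
    if (strstr(line, "Failed password")) {
        r->total_failures++;
        if (source_ip(line, ip) == 0) { struct src *s = find_src(r, ip); if (s) s->failures++; }
    } else if (strstr(line, "Accepted ")) {
        if (hour >= 0 && (hour < WORK_START || hour >= WORK_END)) r->offhours_logins++;
        if (source_ip(line, ip) == 0) {
            struct src *s = find_src(r, ip);
            /* a success right after a burst of failures is the brute-force signature */
            if (s && s->failures >= FAIL_THRESHOLD) s->accepted_after_failures++;
        }
    } else if (strstr(line, "su[") && strstr(line, "(to root)")) {
        r->su_to_root++;
    }
}

/* analyze: feed every newline-separated line of text through analyze_line;
   returns the number of non-empty lines processed */
int analyze(struct report *r, const char *text)
{
    memset(r, 0, sizeof *r);
    int n = 0;
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, p, len); line[len] = '\0';
        if (len) { analyze_line(r, line); n++; }
        p = nl ? nl + 1 : p + full;
    }
    return n;
}

/* constructed sample: a guessing burst from 203.0.113.5 that succeeds at
   02:15, a normal daytime key login, and a su to root at 03:02 */
const char *sample_log =
    "Mar  3 02:14:07 host sshd[2231]: Failed password for root from 203.0.113.5 port 4012 ssh2\n"
    "Mar  3 02:14:09 host sshd[2231]: Failed password for root from 203.0.113.5 port 4013 ssh2\n"
    "Mar  3 02:14:12 host sshd[2233]: Failed password for invalid user admin from 203.0.113.5 port 4015 ssh2\n"
    "Mar  3 02:15:01 host sshd[2240]: Accepted password for root from 203.0.113.5 port 4020 ssh2\n"
    "Mar  3 09:30:44 host sshd[2410]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2\n"
    "Mar  3 03:02:17 host su[2302]: (to root) bob on pts/1\n";

int main(void)
{
    struct report r;
    int n = analyze(&r, sample_log);
    printf("%d lines: %d failed logins, %d off-hours logins, %d su to root\n",
           n, r.total_failures, r.offhours_logins, r.su_to_root);
    for (int i = 0; i < r.nsrc; i++)
        if (r.srcs[i].accepted_after_failures)
            printf("ALERT %s: login accepted after %d failed attempts\n", r.srcs[i].ip, r.srcs[i].failures);
    return 0;
}
```

Remember the caveat from the "Hide Yourself" slides: an intruder with root edits these files, so run the same rules against a copy shipped off-host (remote syslog) and treat a gap or a strange timestamp as a finding in itself.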
87 Analyze Traffic Use tcpdump tcpdump -i eth0 host and port 9999
88 Analyze Traffic (cont.) Use sniffit
89 Detect Sniffer
90 Detect Sniffer (cont.)
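A sniffer needs the NIC in promiscuous mode, so the check is the interface flags. The following added example (not from the deck) reads them from /sys/class/net/<if>/flags instead of running ifconfig or ip, because a user-space rootkit replaces exactly those binaries; the bit value 0x100 is IFF_PROMISC from <linux/if.h>. A kernel-level rootkit such as the adore LKM mentioned earlier can still lie here, so treat a clean result as necessary, not sufficient.

```c
/* promisc.c: report interfaces with IFF_PROMISC set, read from sysfs.
   Added example, not from the slides. Compile:
   cc -std=c11 -Wall promisc.c -o promisc */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>

#define FLAG_PROMISC 0x100UL   /* IFF_PROMISC from <linux/if.h> */

/* flags_promisc: parse the text of a flags file ("0x1103\n") and report
   whether the promiscuous bit is set. Returns 1, 0, or -1 on parse error. */
int flags_promisc(const char *text)
{
    char *end;
    unsigned long f = strtoul(text, &end, 0);   /* base 0 accepts the 0x prefix */
    if (end == text) return -1;
    return (f & FLAG_PROMISC) ? 1 : 0;
}

/* iface_promisc: read the sysfs flags for one interface; -1 if unreadable */
int iface_promisc(const char *ifname)
{
    char path[256], buf[64];
    snprintf(path, sizeof path, "/sys/class/net/%s/flags", ifname);
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    char *got = fgets(buf, sizeof buf, fp);
    fclose(fp);
    return got ? flags_promisc(buf) : -1;
}

/* scan_all: walk /sys/class/net and print every promiscuous interface;
   returns how many were found, -1 if sysfs is missing */
int scan_all(void)
{
    DIR *d = opendir("/sys/class/net");
    if (!d) return -1;
    int found = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        if (iface_promisc(e->d_name) == 1) { printf("PROMISC: %s\n", e->d_name); found++; }
    }
    closedir(d);
    return found;
}

int main(void)
{
    int n = scan_all();
    if (n < 0) { fprintf(stderr, "no /sys/class/net on this system\n"); return 1; }
    printf("%d interface(s) in promiscuous mode\n", n);
    return 0;
}
```

A positive hit is only the start: tools like tcpdump and sniffit on the earlier slides set the bit legitimately, so the next step is the later lsof/proc checks to find which process holds the packet socket.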
91 Find B4ckd00r (cont.) Find Suid R00t backdoor
92 Find B4ckd00r (cont.) Find by timestamp (mtime)
93 Find B4ckd00r (cont.) Find by timestamp (ctime)
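The three slides above (setuid root backdoor, mtime, ctime) are one tree walk. This added example (not from the deck) does that walk with nftw(3): it reports regular files that are setuid- or setgid-root, and anything whose ctime is newer than a reference time. ctime is the useful one because, unlike mtime, it cannot be reset with touch(1) or utime(2); the default seven-day window is an assumption.

```c
/* backdoor_scan.c: find setuid/setgid-root files and recently changed inodes.
   Added example, not from the slides. Compile:
   cc -std=gnu11 -Wall backdoor_scan.c -o backdoor_scan
   Usage: ./backdoor_scan [root-dir] [days]   (defaults: /usr 7) */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <ftw.h>
#include <sys/stat.h>

enum { SUSP_SETUID_ROOT = 1, SUSP_SETGID_ROOT = 2, SUSP_RECENT_CTIME = 4 };

static time_t g_since;   /* reference time for the ctime rule */
static int g_hits;

/* suspicious: pure classification so the rules can be tested on a hand-built
   struct stat. Returns a bitmask of SUSP_* reasons, 0 when clean. */
int suspicious(const struct stat *st, time_t since)
{
    int why = 0;
    if (S_ISREG(st->st_mode)) {
        if ((st->st_mode & S_ISUID) && st->st_uid == 0) why |= SUSP_SETUID_ROOT;
        if ((st->st_mode & S_ISGID) && st->st_gid == 0) why |= SUSP_SETGID_ROOT;
    }
    /* a fresh ctime on an old binary means its content, mode, owner or link
       count changed recently, whatever mtime claims */
    if (st->st_ctime >= since) why |= SUSP_RECENT_CTIME;
    return why;
}

static int visit(const char *path, const struct stat *st, int flag, struct FTW *ftw)
{
    (void)flag; (void)ftw;
    int why = suspicious(st, g_since);
    if (!why) return 0;
    char when[32];
    struct tm tm;
    localtime_r(&st->st_ctime, &tm);
    strftime(when, sizeof when, "%F %T", &tm);
    printf("%s:%s%s%s ctime=%s\n", path,
           (why & SUSP_SETUID_ROOT) ? " setuid-root" : "",
           (why & SUSP_SETGID_ROOT) ? " setgid-root" : "",
           (why & SUSP_RECENT_CTIME) ? " recent-ctime" : "", when);
    g_hits++;
    return 0;            /* keep walking */
}

/* scan: walk root without following symlinks or crossing mount points;
   returns the number of findings, -1 on error */
int scan(const char *root, time_t since)
{
    g_since = since;
    g_hits = 0;
    if (nftw(root, visit, 32, FTW_PHYS | FTW_MOUNT) != 0) return -1;
    return g_hits;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/usr";
    long days = argc > 2 ? atol(argv[2]) : 7;
    time_t since = time(NULL) - days * 86400;
    int n = scan(root, since);
    if (n < 0) { perror(root); return 1; }
    printf("%d finding(s) under %s\n", n, root);
    return 0;
}
```

Run it from a trusted binary (a statically linked copy on read-only media), since an intruder who replaced ls and find has no reason to leave stat(2) alone in a library-hooked userland; that is the point of the "library hook" and /proc slides that follow.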
94 Find B4ckd00r (cont.) Use string
95 Find B4ckd00r (cont.) Use md5check
96 Find B4ckd00r (cont.) Use /proc
97 Find B4ckd00r (cont.) Use library hook
98 Find B4ckd00r (cont.)
99 Find B4ckd00r (cont.) lsof What is lsof? Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It can also list communications open by each process.
100 Find B4ckd00r (cont.) Install
101 Find B4ckd00r (cont.) lsof grep daemon (daemon_active)
102 Find B4ckd00r (cont.) lsof grep daemon (daemon_passive)
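The "Use /proc" slide and the lsof/netstat slides above make the same point from two sides: the kernel's socket table in /proc/net/tcp is the ground truth, and lsof -i or netstat are only convenient views of it that a trojaned binary can filter. This added example (not from the deck) lists LISTEN sockets straight from /proc/net/tcp and maps each socket inode back to a pid through /proc/<pid>/fd. The sample table is constructed; the little-endian decoding of the address is an assumption that holds on x86.

```c
/* proc_listen.c: listening TCP sockets from /proc/net/tcp, without netstat.
   Added example, not from the slides. Compile:
   cc -std=gnu11 -Wall proc_listen.c -o proc_listen
   Usage: ./proc_listen          (parses the built-in sample)
          ./proc_listen --live   (reads /proc/net/tcp; run as root to map pids) */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <dirent.h>
#include <unistd.h>

struct sock { char addr[16]; unsigned port; unsigned uid; unsigned long inode; };

/* parse_tcp_line: one row of /proc/net/tcp. Returns 1 and fills out if the
   socket is in LISTEN (state 0A), 0 for other rows, -1 for unparsable ones
   (the header). The kernel prints the IPv4 address as the host-order u32 in
   hex, so on a little-endian host 0100007F is 127.0.0.1 (assumed here). */
int parse_tcp_line(const char *line, struct sock *out)
{
    unsigned long laddr, inode; unsigned lport, raddr, rport, st, uid;
    /* fields: sl local rem st tx:rx tr:when retrnsmt uid timeout inode */
    int n = sscanf(line, " %*d: %lx:%x %x:%x %x %*x:%*x %*x:%*x %*x %u %*d %lu",
                   &laddr, &lport, &raddr, &rport, &st, &uid, &inode);
    if (n != 7) return -1;
    if (st != 0x0A) return 0;
    snprintf(out->addr, sizeof out->addr, "%lu.%lu.%lu.%lu",
             laddr & 0xff, (laddr >> 8) & 0xff, (laddr >> 16) & 0xff, (laddr >> 24) & 0xff);
    out->port = lport; out->uid = uid; out->inode = inode;
    return 1;
}

/* list_listeners: read a whole table (header included) from fp;
   returns the number of LISTEN sockets stored, at most max */
int list_listeners(FILE *fp, struct sock *out, int max)
{
    char line[512];
    int count = 0;
    while (count < max && fgets(line, sizeof line, fp))
        if (parse_tcp_line(line, &out[count]) == 1) count++;
    return count;
}

/* inode_to_pid: walk /proc/<pid>/fd looking for a link "socket:[inode]";
   returns the pid or -1. Other users' fd directories need root. */
long inode_to_pid(unsigned long inode)
{
    char want[32], path[300], link[360], target[64];
    snprintf(want, sizeof want, "socket:[%lu]", inode);
    DIR *proc = opendir("/proc");
    if (!proc) return -1;
    long found = -1;
    struct dirent *pe;
    while (found < 0 && (pe = readdir(proc)) != NULL) {
        if (!isdigit((unsigned char)pe->d_name[0])) continue;
        snprintf(path, sizeof path, "/proc/%s/fd", pe->d_name);
        DIR *fd = opendir(path);
        if (!fd) continue;
        struct dirent *fe;
        while ((fe = readdir(fd)) != NULL) {
            snprintf(link, sizeof link, "%s/%s", path, fe->d_name);
            ssize_t r = readlink(link, target, sizeof target - 1);
            if (r < 0) continue;
            target[r] = '\0';
            if (strcmp(target, want) == 0) { found = atol(pe->d_name); break; }
        }
        closedir(fd);
    }
    closedir(proc);
    return found;
}

/* constructed sample: sshd on 0.0.0.0:22, a uid-1000 listener on
   127.0.0.1:9999 (0x270F), and an ESTABLISHED row (state 01) to be skipped */
const char *sample_tcp =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18211 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0100007F:270F 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40917 1 0000000000000000 100 0 0 10 0\n"
    "   2: 0A00020F:A1B2 0A000201:0016 01 00000000:00000000 00:00000000 00000000  1000        0 40950 1 0000000000000000 20 4 30 10 -1\n";

int main(int argc, char **argv)
{
    int live = argc > 1 && strcmp(argv[1], "--live") == 0;
    FILE *fp = live ? fopen("/proc/net/tcp", "r")
                    : fmemopen((void *)sample_tcp, strlen(sample_tcp), "r");
    if (!fp) { perror("open"); return 1; }
    struct sock socks[256];
    int n = list_listeners(fp, socks, 256);
    fclose(fp);
    for (int i = 0; i < n; i++)
        printf("LISTEN %s:%u uid=%u inode=%lu pid=%ld\n", socks[i].addr, socks[i].port,
               socks[i].uid, socks[i].inode, live ? inode_to_pid(socks[i].inode) : -1L);
    return 0;
}
```

Compare the live output with `lsof -i -nP` and `netstat -tlnp`: a listener that shows up here but not there is the bind-port backdoor from the earlier slides hidden by a replaced binary. Repeat for /proc/net/tcp6 and /proc/net/udp, which use the same row layout. A kernel rootkit can filter /proc as well, which is where the chkrootkit slide comes in.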
103 Find B4ckd00r (cont.) chkrootkit: locally checks for signs of a rootkit.
104 Find B4ckd00r (cont.) Install
105 Find B4ckd00r (cont.)
106 Find B4ckd00r (cont.)
107 Find B4ckd00r (cont.)
108 Questions?
109 Reference
  The Art of Exploitation
  The Shellcoder's Handbook
  Adore LKM backdoor
  Wipe
  Page
  Tcpdump
110 Reference (cont.)
  Cdrecord vuln
  Ptrace/kmod vuln
  Samba vuln
  Mremap vuln
  Lsof project
111 Reference (cont.)
  Nmap
  Nessus
  Iplog
  Chkrootkit
  John the Ripper password cracker
112 Thanks!