Hijacking Arbitrary.NET Application Control Flow. Topher Timzen
|
|
- Horatio Barry Lynch
- 8 years ago
- Views:
Transcription
1 Hijacking Arbitrary.NET Application Control Flow Topher Timzen
2 #whoami Topher Timzen Security Researcher, Intel Security TopherTimzen.com
3 Overview.NET? Runtime Attacks Modify Control Flow Machine Code Editing Managed Heap
4 Why are we Here? Tools Released Use.NET to attack Using Objects on the Heap
5 CLR Attacks Controlling the Common Language Runtime Accessing raw objects on Managed Heap Manipulate AppDomains Controlling all Loaded Code Controlling Just-In-Time Compilation
6 Attack With ASM Manipulate Resources Attack methods at ASM level Hybrid C# -> ASM -> C# call chains Alter application control flow
7 Runtime.NET Process CLR (2.0/4.0) & AppDomains Assemblies (.EXE and.dll(s)) Objects Properties Fields Instance Methods Classes Methods Logic
8 The Tools Gray Frost & Gray Storm
9 Gray Frost
10 Gray Frost Payload delivery system C++.NET CLR Bootstrapper Creates or injects 4.0 runtime Capability to pivot into 2.0 runtime Contains raw payload
11 Gray Frost Payload delivery system C++.NET CLR Bootstrapper Creates or injects 4.0 runtime Capability to pivot into 2.0 runtime Contains raw payload 2 Rounds GrayFrostCpp GrayFrostCSharp C# Payload
12 Round 1.NET Process
13 Round 1 GrayFrostCpp Mscoree
14 GrayFrostCpp Round 1
15 Round 1 GrayFrostCpp GrayFrostCSharp
16 Round 2.NET Process
17 Round 2.NET Process GrayFrostCSharp
18 Round 2.NET Process GrayFrostCSharp payload void main()
19 Round 2.NET Process Payload
20 Pivoting Between Runtimes.NET Process
21 Pivoting Between Runtimes GrayFrostCpp Mscoree
22 Pivoting Between Runtimes GrayFrostCpp
23 Pivoting Between Runtimes GrayFrostCpp GrayFrostCSharp
24 Pivoting Between Runtimes GrayFrostCpp GrayFrostCSharp
25 Pivoting Between Runtimes GrayFrostCpp
26 Pivoting Between Runtimes GrayFrostCpp GrayFrostCSharp
27 Gray Storm
28 Gray Storm Reconnaissance and In-memory attack payload Features Attacking the.net JIT Attacking.NET at the ASM level ASM and Metasploit payloads Utilize objects on the Managed Heap
29 Gray Storm Usage
30 Controlling the JIT Method Tables contain address of JIT stub for a class s methods. During JIT the Method Table is referenced We can control the address Lives after Garbage Collection
31 Controlling the JIT
32 Controlling the JIT
33 Controlling the JIT
34 Control Flow Attacks.NET uses far and relative calls 0xE8; Call [imm] (x86) 0xFF 0x15; Call dword segmentregister[imm] (x86) relcall = dstaddress - (currentlocation+ lenofcall)
35 ASM Payloads Address of a method known through Reflection Overwrite method logic with new ASM Steal stack parameters Change events
36 ASM Payloads Change return TRUE to return FALSE Password validation Key & Licensing validation SQL Sanitization Destroy security Mechanisms Overwrite logic Update Mechanisms
37 ASM Payloads
38 ASM Payloads Metasploit Hand Rolled Portable Environment Block (PEB) changes
39 Portable Environment Block
40 Object Hunting in Memory
41 Managed Heap Storage point for.net Objects New reference objects added to heap Garbage Collector removes dead objects
42 Managed Heap Storage point for.net Objects New reference objects added to heap Garbage Collector removes dead objects Let s manipulate it!
43 Structure
44 Structure Example System.Double
45 Object Hunting in Memory Objects are IntPtrs Point to Object Instance on Managed Heap All instantiated objects of the same class share the same Method Table
46 Object Hunting in Memory Objects are IntPtrs Point to Object Instance on Managed Heap All instantiated objects of the same class share the same Method Table Win Reflection Object Hunting
47 Finding Objects at Runtime i. Construct an object and find location of Managed Heap ii. Signature instantiated type iii. Scan Managed Heap for object pointers iv. Convert object pointers to raw objects
48 Finding Objects at Runtime i. Construct an object and find location of Managed Heap ii. Signature instantiated type iii. Scan Managed Heap for object pointers iv. Convert object pointers to raw objects
49 Construct an Object Use Reflection to invoke a constructor Can instantiate any object Being mindful that some constructors can invoke a lot of code If a constructor takes other objects, nullify them
50 Find Location of Managed Heap STACK L 024e9fe8 (Object) H IntPtr IntPtr = 024e9fe8 = 5
51 Find Location of Managed Heap L H STACK 024e9fe8 (Object) IntPtr IntPtr = 024e9fe8 = 5 Managed Heap
52 Find Location of Managed Heap STACK L 024e9fe8 (Object) H IntPtr IntPtr = 024e9fe8 = 5
53 Find Location of Managed Heap STACK L 024e9fe8 (Object) H IntPtr = 024e9fe8
54 Finding Objects at Runtime i. Construct an object and find location of Managed Heap ii. Signature instantiated type iii. Scan Managed Heap for object pointers iv. Convert object pointers to raw objects
55 Signature Instantiated Type Object Instances contain a Method Table pointer to their corresponding type. (x86) 0:009> dd 024e9fe8 024e9fe c Bytes 0-3 are the Method Table (MT) Bytes 4-7 in MT is Instance Size
56 Signature Instantiated Type Object Instances contain a Method Table pointer to their corresponding type. (x64) 0:008> dd e9fe `0286b8e0 ea fe Bytes 0-7 are the Method Table (MT) Bytes 8-11 in MT is Instance Size
57 Finding Objects at Runtime i. Construct an object and find location of Managed Heap ii. Signature instantiated type iii. Scan Managed Heap for object pointers iv. Convert object pointers to raw objects
58 Scan Managed Heap Scan down incrementing by size of object Scan linearly up to top of heap Compare object s Method Table to the reference If they match, get IntPtr address of object
59 Scan Managed Heap Scan down incrementing by size of object Scan linearly up to top of heap Compare object s Method Table to the reference If they match, get IntPtr address of object Use ASM!
60 GrayStorm/objectHunter Using ASM!
61 Finding Objects at Runtime i. Construct an object and find location of Managed Heap ii. Signature instantiated type iii. Scan Managed Heap for object pointers iv. Convert object pointers to raw objects
62 Convert Object ptr -> raw obj L H STACK Refer (System.IntPtr) pointer(024ea00c )
63 Convert Object ptr -> raw obj L H STACK Refer pointer(024ea00c (System.IntPtr) ) pointer(024ea00c )
64 Convert Object ptr -> raw obj L H STACK Refer (GrayStorm.testClass) pointer(024ea00c )
65 Superpowers and Things? Change Keys Change Fields / Properties Call Methods With arguments!
66 Automation
67 Automation GrayFrost can be used with automated payloads
68 Automations == <3
69 Constructing Attack Chains
70 How to construct attack chains Gray Wolf / IL Decompiler Find Methods, Fields & Properties of interest Locate meaningful objects Discover high level control flow Gray Storm Debugging functionality Breakpoint at constructors or methods from Method Pointers Use with WinDbg Utilize DLL Hijacking!
71 Hybrid.NET/ASM Attacks Hybrid C#/ASM code in.net Encrypting.NET payloads and unwinding Encrypting ASM Payloads
72 Payload System C# is easy Can use Gray Frost in any application Low and High level gap is easy
73 .NET Hacking Space Small Few tools Mostly hacking WoW Lots of PowerShell Lots of decompilers and not many attackers!
74 Conclusion Arbitrary.NET applications can be injected and changed New.NET attack possibilities New tools that support automation Get Gray Frost and Storm github.com/graykernel
75 Questions? Contact Get Gray Frost and Storm github.com/graykernel White Papers Hijacking Arbitrary.NET Application Control Flow Acquiring.NET Objects from the Managed Heap
Cross-platform IL code manipulation library for runtime instrumentation of.net applications
Cross-platform IL code manipulation library for runtime instrumentation of.net applications master thesis subject for Markus Gaisbauer (0256634) in cooperation with dynatrace software GmbH July 5, 2007
More informationMonitoring.NET Framework with Verax NMS
Monitoring.NET Framework with Verax NMS Table of contents Abstract... 3 1. Adding.NET Framework to device inventory... 4 2. Adding sensors for.net Framework... 7 3. Adding performance counters for.net
More informationDeep Dive into.net Malwares
Deep Dive into.net Malwares Author: Sudeep Singh Introduction In the recent past, there has been an increase in the usage of.net based malwares. These.NET malwares are often protected using different obfuscators
More informationInterpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters
Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.
More informationPuttyRider. With great power comes great responsibility. # Pivoting from Windows to Linux in a penetration test. Adrian Furtunã, PhD adif2k8@gmail.
PuttyRider # Pivoting from Windows to Linux in a penetration test With great power comes great responsibility Adrian Furtunã, PhD adif2k8@gmail.com root@bt:~# Agenda # Idea origin and usage scenario #
More informationJonathan Worthington Scarborough Linux User Group
Jonathan Worthington Scarborough Linux User Group Introduction What does a Virtual Machine do? Hides away the details of the hardware platform and operating system. Defines a common set of instructions.
More informationHow to create/avoid memory leak in Java and.net? Venkat Subramaniam venkats@durasoftcorp.com http://www.durasoftcorp.com
How to create/avoid memory leak in Java and.net? Venkat Subramaniam venkats@durasoftcorp.com http://www.durasoftcorp.com Abstract Java and.net provide run time environment for managed code, and Automatic
More informationFormat string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
More informationASL IT SECURITY XTREME XPLOIT DEVELOPMENT
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits
More informationTitle: Bugger The Debugger - Pre Interaction Debugger Code Execution
White Paper Title: Bugger The Debugger Pre Interaction Debugger Code Execution Prepared by: Brett Moore Network Intrusion Specialist, CTO SecurityAssessment.com Date: April 2005 Abstract The use of debuggers
More informationGlossary of Object Oriented Terms
Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction
More informationIntroducing the.net Framework 4.0
01_0672331004_ch01.qxp 5/3/10 5:40 PM Page 1 CHAPTER 1 Introducing the.net Framework 4.0 As a Visual Basic 2010 developer, you need to understand the concepts and technology that empower your applications:
More information.NET Overview. David Smith. Today s s Topics. Why am I here? A tool. Microsoft s s Vision for.net
.NET Overview David Smith Microsoft Student Ambassador CS Major Michigan State University Today s s Topics Why I m I m here. Exciting Demo IssueVision What is.net? Why learn.net? Look into the Demo Old
More informationDynamic Web Programming BUILDING WEB APPLICATIONS USING ASP.NET, AJAX AND JAVASCRIPT
Dynamic Web Programming BUILDING WEB APPLICATIONS USING ASP.NET, AJAX AND JAVASCRIPT AGENDA 1. Introduction to Web Applications and ASP.net 1.1 History of Web Development 1.2 Basic ASP.net processing (ASP
More informationSECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith
SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING Presented by: Dave Kennedy Eric Smith AGENDA Penetration Testing by the masses Review of current state by most service providers Deficiencies in
More informationHow To Protect Your Source Code From Reverse Engineering
Software Obfuscation To make so confused or opaque as to be difficult to perceive or understand. Why would anyone want to do this to medical device software? Surprisingly, it s not what you might think.
More informationOPERATING SYSTEM SERVICES
OPERATING SYSTEM SERVICES USER INTERFACE Command line interface(cli):uses text commands and a method for entering them Batch interface(bi):commands and directives to control those commands are entered
More informationDeveloping Microsoft SQL Server Databases 20464C; 5 Days
Developing Microsoft SQL Server Databases 20464C; 5 Days Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Course Description
More informationMEALS2SHARE Neighborhood Home Cooked Food Sharing Web Application
Grand Valley State University ScholarWorks@GVSU Technical Library School of Computing and Information Systems 2015 MEALS2SHARE Neighborhood Home Cooked Food Sharing Web Application Isha Singh Grand Valley
More informationBSIDES Las Vegas Secret Pentesting Techniques Shhh...
BSIDES Las Vegas Secret Pentesting Techniques Shhh... Dave Kennedy Founder, Principal Security Consultant Email: davek@trustedsec.com https://www.trustedsec.com @TrustedSec Introduc)on As penetration testers,
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationMonitoring ASP.Net Servers
Monitoring ASP.Net Servers eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationLast Class: OS and Computer Architecture. Last Class: OS and Computer Architecture
Last Class: OS and Computer Architecture System bus Network card CPU, memory, I/O devices, network card, system bus Lecture 3, page 1 Last Class: OS and Computer Architecture OS Service Protection Interrupts
More informationAutomaton Programming and Inheritance of Automata
Declarative Approach to Implementing Automata Classes in Imperative Programming Languages Artyom Astafurov, Anatoly Shalyto (research supervisor), Fac. of Information Technologies and Programming St. Petersburg
More informationITDUMPS QUESTION & ANSWER. Accurate study guides, High passing rate! IT dumps provides update free of charge in one year!
ITDUMPS QUESTION & ANSWER Accurate study guides, High passing rate! IT dumps provides update free of charge in one year! HTTP://WWW.ITDUMPS.COM Exam : 70-549(C++) Title : PRO:Design & Develop Enterprise
More informationJava Interview Questions and Answers
1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write and compile the java
More informationGeneral Introduction
Managed Runtime Technology: General Introduction Xiao-Feng Li (xiaofeng.li@gmail.com) 2012-10-10 Agenda Virtual machines Managed runtime systems EE and MM (JIT and GC) Summary 10/10/2012 Managed Runtime
More information.NET Reverse Engineering. Erez Metula, CISSP Application Security Department Manager Security Software Engineer 2B Secure ErezMetula@2bsecure.co.
.NET Reverse Engineering Erez Metula, CISSP Application Security Department Manager Security Software Engineer 2B Secure ErezMetula@2bsecure.co.il Agenda The problem of reversing & decompilation Server
More informationThe Java Virtual Machine and Mobile Devices. John Buford, Ph.D. buford@alum.mit.edu Oct 2003 Presented to Gordon College CS 311
The Java Virtual Machine and Mobile Devices John Buford, Ph.D. buford@alum.mit.edu Oct 2003 Presented to Gordon College CS 311 Objectives Review virtual machine concept Introduce stack machine architecture
More informationlanguage 1 (source) compiler language 2 (target) Figure 1: Compiling a program
CS 2112 Lecture 27 Interpreters, compilers, and the Java Virtual Machine 1 May 2012 Lecturer: Andrew Myers 1 Interpreters vs. compilers There are two strategies for obtaining runnable code from a program
More informationMSc Computer Science Dissertation
University of Oxford Computing Laboratory MSc Computer Science Dissertation Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities Author: Sean Heelan Supervisor: Dr. Daniel
More information.NET and J2EE Intro to Software Engineering
.NET and J2EE Intro to Software Engineering David Talby This Lecture.NET Platform The Framework CLR and C# J2EE Platform And Web Services Introduction to Software Engineering The Software Crisis Methodologies
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 20: Stack Frames 7 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Where We Are Source code if (b == 0) a = b; Low-level IR code
More informationAutomating Mimicry Attacks Using Static Binary Analysis
Automating Mimicry Attacks Using Static Binary Analysis Christopher Kruegel and Engin Kirda Technical University Vienna chris@auto.tuwien.ac.at, engin@infosys.tuwien.ac.at Darren Mutz, William Robertson,
More informationGarbage Collection: Automatic Memory Management in the Microsoft.NET Framework
Garbage Collection: Automatic Memory Management in the Microsoft.NET Framework Jeffrey Richter This article assumes you re familiar with C and C++ Level of Difficulty 1 2 3 SUMMARY Garbage collection in
More informationJava Application Developer Certificate Program Competencies
Java Application Developer Certificate Program Competencies After completing the following units, you will be able to: Basic Programming Logic Explain the steps involved in the program development cycle
More informationChapter 1. Dr. Chris Irwin Davis Email: cid021000@utdallas.edu Phone: (972) 883-3574 Office: ECSS 4.705. CS-4337 Organization of Programming Languages
Chapter 1 CS-4337 Organization of Programming Languages Dr. Chris Irwin Davis Email: cid021000@utdallas.edu Phone: (972) 883-3574 Office: ECSS 4.705 Chapter 1 Topics Reasons for Studying Concepts of Programming
More informationBypassing Browser Memory Protections in Windows Vista
Bypassing Browser Memory Protections in Windows Vista Mark Dowd & Alexander Sotirov markdowd@au1.ibm.com alex@sotirov.net Setting back browser security by 10 years Part I: Introduction Thesis Introduction
More informationParasitics: The Next Generation. Vitaly Zaytsev Abhishek Karnik Joshua Phillips
Parasitics: The Next Generation. Vitaly Zaytsev Abhishek Karnik Joshua Phillips Agenda Overview W32/Xpaj analysis Overview of a virtual machine Software protection trends W32/Winemmem analysis W32/Induc
More informationAssessing and Managing Security Risks Unique to Java and.net
ISSA Preeminent Trusted Global Information Security Community Connect Assessing and Managing Security Risks Unique to Java and.net By Sebastian Holst This article enumerates specific risks unique to managed
More informationDiving into a Silverlight Exploit and Shellcode - Analysis and Techniques
Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques By Omri Herscovici & Liran Englender January 04, 2015 Preface In recent years, exploit-kits are one of the most common platforms
More informationReturn-oriented programming without returns
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy
More information20464C: Developing Microsoft SQL Server Databases
20464C: Developing Microsoft SQL Server Databases Course Details Course Code: Duration: Notes: 20464C 5 days This course syllabus should be used to determine whether the course is appropriate for the students,
More information1/20/2016 INTRODUCTION
INTRODUCTION 1 Programming languages have common concepts that are seen in all languages This course will discuss and illustrate these common concepts: Syntax Names Types Semantics Memory Management We
More informationFATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory p.1/11
FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory DFRWS 2006: Work in Progress (WIP) Aug 16, 2006 AAron Walters 4TΦ Research Nick L. Petroni Jr. University
More informationEugene Tsyrklevich. Ozone HIPS: Unbreakable Windows
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
More informationStorage Classes CS 110B - Rule Storage Classes Page 18-1 \handouts\storclas
CS 110B - Rule Storage Classes Page 18-1 Attributes are distinctive features of a variable. Data type, int or double for example, is an attribute. Storage class is another attribute. There are four storage
More informationCrystal Reports.Net 1.1 Patch
Crystal Reports.Net 1.1 Patch Hot Fix: crnet11win_en.zip Language: English Platform: Windows Last updated on: 4/4/2008 FTP Location: ftp://ftp1.businessobjects.com/outgoing/chf/crnet11win_en.zip WARNING:
More informationStatic detection of C++ vtable escape vulnerabilities in binary code
Static detection of C++ vtable escape vulnerabilities in binary code David Dewey Jonathon Giffin School of Computer Science Georgia Institute of Technology ddewey, giffin@gatech.edu Common problem in C++
More informationEmbedded Systems. Review of ANSI C Topics. A Review of ANSI C and Considerations for Embedded C Programming. Basic features of C
Embedded Systems A Review of ANSI C and Considerations for Embedded C Programming Dr. Jeff Jackson Lecture 2-1 Review of ANSI C Topics Basic features of C C fundamentals Basic data types Expressions Selection
More informationC Compiler Targeting the Java Virtual Machine
C Compiler Targeting the Java Virtual Machine Jack Pien Senior Honors Thesis (Advisor: Javed A. Aslam) Dartmouth College Computer Science Technical Report PCS-TR98-334 May 30, 1998 Abstract One of the
More informationSQL Injection Attacks on Steroids:
SQL Injection Attacks on Steroids: An Overview of SA Exploiter By Scott White SecureState LLC 54 Athletes sometimes turn to steroids to become best in their sport. What if computer hackers could do the
More informationDeveloping Microsoft SQL Server Databases
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Course 20464C: Developing Microsoft SQL Server Databases Length: 5 Days Audience: IT Professionals Level:
More informationOperating Systems and Networks
recap Operating Systems and Networks How OS manages multiple tasks Virtual memory Brief Linux demo Lecture 04: Introduction to OS-part 3 Behzad Bordbar 47 48 Contents Dual mode API to wrap system calls
More informationFlexible Policy-Directed Code Safety
To appear in IEEE Security and Privacy, Oakland, CA. May 9-12, 1999. Flexible Policy-Directed Code Safety David Evans evs@sds.lcs.mit.edu Andrew Twyman twyman@sds.lcs.mit.edu MIT Laboratory for Computer
More informationApplication Domains and Contexts and Threads, Oh My!
Application Domains and Contexts and Threads, Oh My! Michael Stiefel co-author Application Development Using C# and.net Why Understand App Domains? By understanding Application Domains you will have an
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationCourse 20464: Developing Microsoft SQL Server Databases
Course 20464: Developing Microsoft SQL Server Databases Type:Course Audience(s):IT Professionals Technology:Microsoft SQL Server Level:300 This Revision:C Delivery method: Instructor-led (classroom) Length:5
More informationMemory Allocation. Static Allocation. Dynamic Allocation. Memory Management. Dynamic Allocation. Dynamic Storage Allocation
Dynamic Storage Allocation CS 44 Operating Systems Fall 5 Presented By Vibha Prasad Memory Allocation Static Allocation (fixed in size) Sometimes we create data structures that are fixed and don t need
More informationJava Programming. Binnur Kurt binnur.kurt@ieee.org. Istanbul Technical University Computer Engineering Department. Java Programming. Version 0.0.
Java Programming Binnur Kurt binnur.kurt@ieee.org Istanbul Technical University Computer Engineering Department Java Programming 1 Version 0.0.4 About the Lecturer BSc İTÜ, Computer Engineering Department,
More informationCloud Computing. Up until now
Cloud Computing Lecture 11 Virtualization 2011-2012 Up until now Introduction. Definition of Cloud Computing Grid Computing Content Distribution Networks Map Reduce Cycle-Sharing 1 Process Virtual Machines
More informationASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus
ASP.NET MVC Secure Coding 4-Day hands on Course Course Syllabus Course description ASP.NET MVC Secure Coding 4-Day hands on Course Secure programming is the best defense against hackers. This multilayered
More informationDeveloping Microsoft SQL Server Databases (20464) H8N64S
HP Education Services course data sheet Developing Microsoft SQL Server Databases (20464) H8N64S Course Overview In this course, you will be introduced to SQL Server, logical table design, indexing, query
More informationInstrumentation Software Profiling
Instrumentation Software Profiling Software Profiling Instrumentation of a program so that data related to runtime performance (e.g execution time, memory usage) is gathered for one or more pieces of the
More informationCustom Penetration Testing
Custom Penetration Testing Compromising a Vulnerability through Discovery and Custom Exploitation Stephen Sims Advanced Penetration Testing - 2009 SANS 1 Objectives Penetration Testing Precompiled Tools
More informationSystem Structures. Services Interface Structure
System Structures Services Interface Structure Operating system services (1) Operating system services (2) Functions that are helpful to the user User interface Command line interpreter Batch interface
More informationApplication Development,.NET
Application Development,.NET Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals. Orsys
More informationSecurity & Exploitation
Security & Exploitation Operating Systems Spring 2015 RPISEC - 05/11/2015 OS Security 1 whoami Markus Gaasedelen B.S. Computer Science 15 Security Enthusiast I like to hack things President of RPISEC http://rpis.ec
More informationAPI Monitoring System for Defeating Worms and Exploits in MS-Windows System
API Monitoring System for Defeating Worms and Exploits in MS-Windows System Hung-Min Sun, Yue-Hsun Lin, and Ming-Fung Wu Department of Computer Science National Tsing-Hua University Hsinchu, Taiwan 30013
More informationAn Introduction to.net for the J2EE Programmer
An Introduction to.net for the J2EE Programmer Jeroen Frijters Sumatra Software b.v. jeroen@sumatra.nl http://weblog.ikvm.net/ Jeroen Frijters An Introduction to.net for the J2EE Programmer Page 1 Overview.NET
More informationSAML v1.1 for.net Developer Guide
SAML v1.1 for.net Developer Guide Copyright ComponentSpace Pty Ltd 2004-2016. All rights reserved. www.componentspace.com Contents 1 Introduction... 1 1.1 Features... 1 1.2 Benefits... 1 1.3 Prerequisites...
More information7.1 Our Current Model
Chapter 7 The Stack In this chapter we examine what is arguably the most important abstract data type in computer science, the stack. We will see that the stack ADT and its implementation are very simple.
More informationAdvanced compiler construction. General course information. Teacher & assistant. Course goals. Evaluation. Grading scheme. Michel Schinz 2007 03 16
Advanced compiler construction Michel Schinz 2007 03 16 General course information Teacher & assistant Course goals Teacher: Michel Schinz Michel.Schinz@epfl.ch Assistant: Iulian Dragos INR 321, 368 64
More informationEC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
More informationPenetration Testing: Lessons from the Field
Penetration Testing: Lessons from the Field CORE SECURITY TECHNOLOGIES SCS SERVICES May 2009 1 Agenda: About me: Alberto Soliño Director of Security Consulting Services at Core Security One of first five
More informationHacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail All materials is licensed under a Creative Commons Share Alike license http://creativecommonsorg/licenses/by-sa/30/ # whoami Ali
More informationSource Code Security Analysis Tool Functional Specification Version 1.0
Special Publication 500-268 Source Code Security Analysis Tool Functional Specification Version 1.0 Paul E. Black Michael Kass Michael Koo Software Diagnostics and Conformance Testing Division Information
More informationMelde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE)
Melde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE) Andreas Greulich, MELANI Swiss Cyber Storm, 18 April 2009 Agenda Part 1: Introduction (~5 ) Infection
More informationStoring Encrypted Plain Text Files Using Google Android
Storing Encrypted Plain Text Files Using Google Android Abstract Jared Hatfield University of Louisville Google Android is an open source operating system that is available on a wide variety of smart phones
More informationAutomated Virtual Cloud Management: The need of future
Automated Virtual Cloud Management: The need of future Prof. (Ms) Manisha Shinde-Pawar Faculty of Management (Information Technology), Bharati Vidyapeeth Univerisity, Pune, IMRDA, SANGLI Abstract: With
More informationIntroduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code
Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and
More informationLecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc()
CS61: Systems Programming and Machine Organization Harvard University, Fall 2009 Lecture 10: Dynamic Memory Allocation 1: Into the jaws of malloc() Prof. Matt Welsh October 6, 2009 Topics for today Dynamic
More informationCORE SECURITY. Exploiting Adobe Flash Player in the era of Control Flow Guard. Francisco Falcon (@fdfalcon) Black Hat Europe 2015 November 12-13, 2015
CORE SECURITY Exploiting Adobe Flash Player in the era of Control Flow Guard Francisco Falcon (@fdfalcon) Black Hat Europe 2015 November 12-13, 2015 About me 2 About me Exploit Writer for Core Security.
More informationSitecore Health. Christopher Wojciech. netzkern AG. christopher.wojciech@netzkern.de. Sitecore User Group Conference 2015
Sitecore Health Christopher Wojciech netzkern AG christopher.wojciech@netzkern.de Sitecore User Group Conference 2015 1 Hi, % Increase in Page Abondonment 40% 30% 20% 10% 0% 2 sec to 4 2 sec to 6 2 sec
More informationEC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET)
E C S P.NET (.NET) ECSP.NET Course Software defects, bugs, and flaws in the logic of the program are consistently the cause for software vulnerabilities. Analysis by software security professionals has
More informationLanguage Evaluation Criteria. Evaluation Criteria: Readability. Evaluation Criteria: Writability. ICOM 4036 Programming Languages
ICOM 4036 Programming Languages Preliminaries Dr. Amirhossein Chinaei Dept. of Electrical & Computer Engineering UPRM Spring 2010 Language Evaluation Criteria Readability: the ease with which programs
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationTechniques for Real-System Characterization of Java Virtual Machine Energy and Power Behavior
Techniques for Real-System Characterization of Java Virtual Machine Energy and Power Behavior Gilberto Contreras Margaret Martonosi Department of Electrical Engineering Princeton University 1 Why Study
More informationMonitoring, Tracing, Debugging (Under Construction)
Monitoring, Tracing, Debugging (Under Construction) I was already tempted to drop this topic from my lecture on operating systems when I found Stephan Siemen's article "Top Speed" in Linux World 10/2003.
More informationJava Garbage Collection Basics
Java Garbage Collection Basics Overview Purpose This tutorial covers the basics of how Garbage Collection works with the Hotspot JVM. Once you have learned how the garbage collector functions, learn how
More informationPenetration Testing Workshop
Penetration Testing Workshop Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint
More informationBypassing Memory Protections: The Future of Exploitation
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript
More informationY R O. Memory Forensics: A Volatility Primer M E M. Mariano Graziano. Security Day - Lille1 University January 2015 - Lille, France
emory Forensics: A Volatility Primer ariano Graziano Security Day - Lille1 University January 2015 - Lille, France whoami Ph.D student at urecom (France) sc from Politecnico di Torino (Italy) ain topics:
More informationA Practical Method to Diagnose Memory Leaks in Java Application Alan Yu
A Practical Method to Diagnose Memory Leaks in Java Application Alan Yu 1. Introduction The Java virtual machine s heap stores all objects created by a running Java application. Objects are created by
More informationExperimental Evaluation of Distributed Middleware with a Virtualized Java Environment
Experimental Evaluation of Distributed Middleware with a Virtualized Java Environment Nuno A. Carvalho, João Bordalo, Filipe Campos and José Pereira HASLab / INESC TEC Universidade do Minho MW4SOC 11 December
More informationObjectif. Participant. Prérequis. Remarque. Programme. C# 3.0 Programming in the.net Framework. 1. Introduction to the.
Objectif This six-day instructor-led course provides students with the knowledge and skills to develop applications in the.net 3.5 using the C# 3.0 programming language. C# is one of the most popular programming
More informationAutomatic Object Colocation Based on Read Barriers
Automatic Object Colocation Based on Read Barriers Christian Wimmer and Hanspeter Mössenböck Institute for System Software Christian Doppler Laboratory for Automated Software Engineering Johannes Kepler
More informationSkyRecon Cryptographic Module (SCM)
SkyRecon Cryptographic Module (SCM) FIPS 140-2 Documentation: Security Policy Abstract This document specifies the security policy for the SkyRecon Cryptographic Module (SCM) as described in FIPS PUB 140-2.
More informationBuffer Overflows. Code Security: Buffer Overflows. Buffer Overflows are everywhere. 13 Buffer Overflow 12 Nov 2015
CSCD27 Computer and Network Security Code Security: Buffer Overflows 13 Buffer Overflow CSCD27 Computer and Network Security 1 Buffer Overflows Extremely common bug. First major exploit: 1988 Internet
More information