Buffer overflow:
Condition where input exceeds the buffer’s capacity so it starts overwriting other information
Buffer overflow consequences:
- Corruption
- Transfer of control
- Memory access violation
- Malicious code execution
Shellcode:
Machine code supplied by an attacker
Stack overflow targets:
- System utility
- Network service Daemon
- Common library code
Shellcode functions:
- Launch remote shell
- Create reverse shell
- Use local exploits to establish a shell
- Flush firewall rules
- Break out of a chroot
Buffer overflow compile-time defenses:
- Modern languages
- Safe coding
- Safety extensions
- Stack protection
Buffer overflow run-time defenses:
- Non-executable memory
- Randomized addresses
- Guard pages
Overflow attacks:
- Stack
- Heap
- Global data
- Format string
- Integer
Replacement stack frame:
Rewriting buffer and frame pointer
Return to system call:
Replacing return address with a function
Approaches to reduce software vulnerabilities:
- Stop them before they occur
- Find them before they’re exploited
- Reduce their impact
Defensive programming:
Making sure software still functions with unexpected input
Injection attack:
Invalid input that influences execution
Cross-site scripting attack:
Input from a user is executed on another user’s browser
Input fuzzing:
Using randomly generated inputs to test abnormal input handling
Race condition:
When multiple processes access shared memory
