SBDA âsame bug, different appâ - Security Assessment

More documents

Recommendations

Info

Fuzzing Files • Automated File Fuzzing Tools Extend an existing text string Insert a long text string Modify each byte/word/dword to an arbitrary value Load file in default application • Masses Of Application Crashes Next step is to determine the cause and if the situation is exploitable It is this step that takes the longest • Fuzzy Example Use a standard .chm as the master Show the [length][text string] pairs Lets fuzz it.. Copyright Security-Assessment.com 2005
The Long Import SBDA • Jan, 2005 IDA Pro Import Library Buffer Overflow A long import name in the PE header • Researchers Targetted Debuggers And Disassemblers IDA Pro – format string OllyDbg – long process module OllyDbg – format string PVDasm – long file name W32Dasm – long import library name • Chart The Vector And The Targets Craft some files based on known attack vectors Try to view / analyse the files with all known debuggers and PE analysis tools Findings? Copyright Security-Assessment.com 2005
Page 1 and 2: SBDA “same bug, different app”
Page 3 and 4: SBDA - What It’s Not • Not The
Page 5 and 6: SBDA - The Conception • I Wanted
Page 7 and 8: How Can This Be Applied To Research
Page 9 and 10: The SBDA Advantage • Gives Resear
Page 11 and 12: The AV / Archive SBDA (in reverse)
Page 13 and 14: Packet vs File • Both Are Data Bo
Page 15 and 16: Some Common Test Methods • Fuzzin
Page 17 and 18: SDBA Theory In Practice • Some Ex
Page 19: The Long Value SBDA • Length Valu
Page 23 and 24: The URL Handler SBDA • Mar 09, 20
Page 25 and 26: SBDA To The Test • Quick File Bas
Page 27 and 28: 2 nd Generation Vulnerabilities •
Page 29 and 30: Wrap Up • Same Bug, Different App

SBDA âsame bug, different appâ - Security Assessment

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

SBDA âsame bug, different appâ - Security Assessment