SBDA âsame bug, different appâ - Security Assessment

More documents

Recommendations

Info

SBDA – An Introduction • Same Bug, Different App The theory that an attack vector affecting one application may also affect another • An Exploit Is Made Up Of Parts Payload - Code to give the desired exploit result Vector - Method used to transfer data to the target Target - The target application PAYLOAD SHELLCODE VECTOR CHUNKED POST TARGET ASP.DLL • So What Does That Mean Modification of the Target variable can lead to rapid discovery of vulnerabilities exploited through the same Vector Copyright Security-Assessment.com 2005
SBDA – What It’s Not • Not The Same Source Code Error We are not talking about the same bug caused by the same problem in the source code • Not Just Buffer Overflows SBDA is a theoretical concept that affects all types of vulnerabilities • Not Just Running The Same Exploit SBDA is the use of a known attack vector, not the payload • It’s Not Law The SBDA concept and theory stemmed from my annoyance at the use of the same attack vector time and time again. It is my view on the topic, and may be completely misguided Copyright Security-Assessment.com 2005
Page 1: SBDA “same bug, different app”
Page 5 and 6: SBDA - The Conception • I Wanted
Page 7 and 8: How Can This Be Applied To Research
Page 9 and 10: The SBDA Advantage • Gives Resear
Page 11 and 12: The AV / Archive SBDA (in reverse)
Page 13 and 14: Packet vs File • Both Are Data Bo
Page 15 and 16: Some Common Test Methods • Fuzzin
Page 17 and 18: SDBA Theory In Practice • Some Ex
Page 19 and 20: The Long Value SBDA • Length Valu
Page 21 and 22: The Long Import SBDA • Jan, 2005
Page 23 and 24: The URL Handler SBDA • Mar 09, 20
Page 25 and 26: SBDA To The Test • Quick File Bas
Page 27 and 28: 2 nd Generation Vulnerabilities •
Page 29 and 30: Wrap Up • Same Bug, Different App

SBDA âsame bug, different appâ - Security Assessment

Create successful ePaper yourself

Delete template?

Save as template?

SBDA âsame bug, different appâ - Security Assessment