Low Level Exploits - Packet Storm

More documents

Recommendations

Info

Return to Heap (Heap Spraying) Heap spraying is an unreliable method of increasing the chances of returning to executable instructions in a buffer overflow attack. Attackers create thousands of data structures in memory which contain mostly null operations (the 0x90 instruction) with the executable machine instructions at the end of the structure. Statistically the chances of returning to a valid location on a "NOP sled" are increased by increasing the size of the data structures. Sometimes the chance can be up to 50%.
Heap Overflows
Page 1 and 2: Low Level Exploits Email: hughpears
Page 3 and 4: Creating Shellcode
Page 5 and 6: Creating Shellcode The ELF file typ
Page 7 and 8: Creating Shellcode Let us write an
Page 9 and 10: Creating Shellcode The output of th
Page 11 and 12: Creating Shellcode Our op-codes sho
Page 13 and 14: Buffer Overflows On the Stack
Page 15 and 16: Buffer Overflows On the Stack Stack
Page 17 and 18: Buffer Overflows On the Stack //exa
Page 19 and 20: Return to Stack
Page 21 and 22: Return to Stack As you can see in t
Page 23 and 24: Format String Vulnerabilities What
Page 25 and 26: Format String Vulnerabilities But t
Page 27 and 28: Format String Vulnerabilities Lets
Page 29 and 30: Return to LibC
Page 31 and 32: Return to LibC (Linux) Now we can s
Page 33 and 34: Return to SEH (Windows) Stack cooki
Page 35: Return to Heap
Page 39 and 40: unlink() Technique by w00w00 When m
Page 41 and 42: unlink() Technique by w00w00 How a
Page 43 and 44: unlink() Technique by w00w00 Heap o
Page 45 and 46: unlink() Technique by w00w00 We can
Page 47 and 48: Integer Overflows
Page 49 and 50: Integer Overflows Signed 16 bit int
Page 51 and 52: Null Pointers
Page 53 and 54: Null Pointers Address space switchi
Page 55 and 56: Null Pointers Disable OS security e
Page 57 and 58: Null Pointers This works for 2 reas
Page 59 and 60: Return Oriented Programming Chains
Page 61 and 62: ROP Chains Scan executable memory r
Page 63 and 64: ROP Chains Using a stack pivot, the
Page 65 and 66: Questions Questions

Low Level Exploits - Packet Storm

Create successful ePaper yourself

Delete template?

Save as template?