• Home

  • Documents

  • Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions...
16
Final Exam Review

Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Embed Size (px)

Citation preview

Page 1: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Final Exam Review

Page 2: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Common Attack Techniques

• Stack overflow– Basic version– Advanced versions

• Mitigations– Canary– W^X page– ASLR

Page 3: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Quiz

• Which one of the mitigations can be circumvented by the advanced version of stack overflow?

A. Canary B. W^X C. ASLR 1. indirect jump 2. return into libc3. ROP

Page 4: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Basic Cryptography

• Four primitives– Cryptographic hash– Symmetric encryption– Asymmetric encryption– Digital signature

Page 5: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Quiz

• Which property of cryptographic hash ensures that if password hash matches the one stored on the system, the password is the correct one?

• Which property of cryptographic hash ensures that the stored hash does not jeopardize the secrecy of passwords

Page 6: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Authentication

• Password-based authentication– How is authentication state stored– How is verification done– Attacks and mitigation

Page 7: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Quiz

• Adversary obtains authentication state from the system and conduct brute-force attacks. If the authentication state is salted, would the attack be more difficult than if it is not?

Page 8: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Authentication Protocol

• Challenge-response– Why need it?

• Example ones using the various cryptographic primitives– MAC– Encryption– Digital signature

Page 9: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Quiz

• Using symmetric encryption for authentication. Alice sends m to Bob, Bob encrypts m using shared key K and send it back to Alice, Alice decrypts it and send Bob the plaintext. Bob verifies that the plaintext is the same as m.– Can Alice authenticates to Bob using this?

Page 10: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

UNIX Protection Basics

• File system protection• Setuid

Page 11: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Quiz

• What is the security problem you can see?

-rwsr-xrwx 1 simon fac 13589 Jul 30 20:08 getscore

Page 12: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Secure Operating System

• Mandatory Access Control– Complete Mediation: all security-sensitive ops– Tamperproof: untrusted processes cannot modify

access enforcement system– Verifiable: small TCB

Page 13: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Concrete OS Examples

• SELinux– Only need to understand the basic protection

concept.– Policy language not required

• Android– Basic security architecture– Security problems

Page 14: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Security Models

• Bell LaPadula (Secrecy)

• Biba (Integrity)

Page 15: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

Trusted Infrastructure

• TPM– Root of trust for storage– Root of trust for reporting– Root of trust for measurement*

• Measured boot

Page 16: Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

DNS Security

• DNS poisoning problem– How the attack is carried out– Consequence of a successful attack

• DNSSEC– Basic concepts– How this will address the insecurity problem of

DNS


NES-Bypass Win7 Kernel Aslr

NES-Bypass Win7 Kernel Aslr

Documents
RockandROPeando: bypass DEP y ASLR vía ROP

RockandROPeando: bypass DEP y ASLR vía ROP

Documents
Defeat Exploit Mitigations - PIE

Defeat Exploit Mitigations - PIE

Documents
Satellite Constellations: Impact, Mitigations, and

Satellite Constellations: Impact, Mitigations, and

Documents
Speculative Execution Side Channel Mitigations

Speculative Execution Side Channel Mitigations

Documents
Canary Greens, Today Canary Greens

Canary Greens, Today Canary Greens

Real Estate
The Joy of Sandbox Mitigations

The Joy of Sandbox Mitigations

Software
Ransomware Threats and Mitigations

Ransomware Threats and Mitigations

Documents
ASLR - Address Space Layout Randomization.pdf

ASLR - Address Space Layout Randomization.pdf

Documents
Flashlite 2.x 3.x Aslr (1)

Flashlite 2.x 3.x Aslr (1)

Documents
BALANCING MITIGATIONS - California Preservation

BALANCING MITIGATIONS - California Preservation

Documents
Refinery Power Outage Mitigations - 2014 · Refinery Power Outage Mitigations - 2014 Hydrocarbon Publishing Company

Refinery Power Outage Mitigations - 2014 · Refinery Power Outage Mitigations - 2014 Hydrocarbon Publishing Company

Documents
A Brief History of Exploitation Techniques & Mitigations ...hick.org/.../misc/exploitation_techniques_and_mitigations_on_windo… · A Brief History of Exploitation Techniques & Mitigations

A Brief History of Exploitation Techniques & Mitigations ...hick.org/.../misc/exploitation_techniques_and_mitigations_on_windo… · A Brief History of Exploitation Techniques & Mitigations

Documents
Attacks and their mitigations

Attacks and their mitigations

Technology
Adding ASLR to jailbroken iPhonespowerofcommunity.net/poc2010/stefan.pdf · Stefan Esser • Adding ASLR to jailbroken iPhones • December 2010 • iPhone Security • in 2010 iPhone

Adding ASLR to jailbroken iPhonespowerofcommunity.net/poc2010/stefan.pdf · Stefan Esser • Adding ASLR to jailbroken iPhones • December 2010 • iPhone Security • in 2010 iPhone

Documents
Antid0te 2.0 – ASLR in iOS

Antid0te 2.0 – ASLR in iOS

Technology
Welfare Reform Mitigations Working Group Report: Next ... · The Welfare Reform Mitigations Working Group Report (the “Evason report”) proposes mitigations that will make a significant

Welfare Reform Mitigations Working Group Report: Next ... · The Welfare Reform Mitigations Working Group Report (the “Evason report”) proposes mitigations that will make a significant

Documents
Abusing Silent Mitigations - Black Hat | Home · Abusing Silent Mitigations ... two new exploit mitigations into their browser with the ... or it might be a stale pointer that is

Abusing Silent Mitigations - Black Hat | Home · Abusing Silent Mitigations ... two new exploit mitigations into their browser with the ... or it might be a stale pointer that is

Documents
Antid0te 2.0 - ASLR in iOSconference.hitb.org/hitbsecconf2011ams/materials/D1T1 - Stefan Es… · • again by jailbreakme.com (full remote jailbreak) • lack of ASLR in iOS recognized

Antid0te 2.0 - ASLR in iOSconference.hitb.org/hitbsecconf2011ams/materials/D1T1 - Stefan Es… · • again by jailbreakme.com (full remote jailbreak) • lack of ASLR in iOS recognized

Documents
Logic Bug Hunting in Chrome on Android - Pwn2Own...Android Mitigations •More and better security mechanisms •Improved rights management, SELinux, TrustZone •ASLR, DEP, PIE, RELRO,

Logic Bug Hunting in Chrome on Android - Pwn2Own...Android Mitigations •More and better security mechanisms •Improved rights management, SELinux, TrustZone •ASLR, DEP, PIE, RELRO,

Documents
Defeating DEP and ASLR in Windows

Defeating DEP and ASLR in Windows

Documents
BABAR Risks and Mitigations

BABAR Risks and Mitigations

Documents
Stack Canaries & ASLR Computer Security CSC 405

Stack Canaries & ASLR Computer Security CSC 405

Documents
An NCC Group Publication€¦ · return-oriented programming (ROP) is. You also need to be aware of the Windows 8 mitigations such as SMEP and Kernel ASLR. Throughout this paper,

An NCC Group Publication€¦ · return-oriented programming (ROP) is. You also need to be aware of the Windows 8 mitigations such as SMEP and Kernel ASLR. Throughout this paper,

Documents
Environmental Impacts (and Mitigations)

Environmental Impacts (and Mitigations)

Documents
DEP/ASLR bypass without ROP/JIT

DEP/ASLR bypass without ROP/JIT

Technology
Breaking PaX ASLR

Breaking PaX ASLR

Documents
Next Level Cheating and Leveling-Up Mitigations - Black … · Next Level Cheating and Leveling Up Mitigations ... •World of Warcraft ... Next Level Cheating and Leveling-Up Mitigations

Next Level Cheating and Leveling-Up Mitigations - Black … · Next Level Cheating and Leveling Up Mitigations ... •World of Warcraft ... Next Level Cheating and Leveling-Up Mitigations

Documents
ASLR Win7 Shellcode Exploit Pekeinfo

ASLR Win7 Shellcode Exploit Pekeinfo

Documents
Canary Wharf Guidecanarywharf.com/wp-content/uploads/2015/12/canary-wharf-guide... · Cabot Place £ Bank Canary Wharf Canary Wharf

Canary Wharf Guidecanarywharf.com/wp-content/uploads/2015/12/canary-wharf-guide... · Cabot Place £ Bank Canary Wharf Canary Wharf

Documents