Description:
In this video, Alex Sotirov takes us through the basics of how to go about finding security vulnerabilities in software using reverse engineering. He begins the presentation with a quick demo of the ANI bug he discovered on Vista and XP. He then starts with the very basics of reverse engineering and describes the tools he uses -
IDA Pro,
BinDiff,
PaiMei etc. He then talks about the various protection mechanisms built into Vista -
/GS stack cookies,
Address Space layout Randomization (ASLR) and
Data Execution Prevention (DEP).
In the second part of the talk, he describes how he subverted all these protection mechanisms while finding and exploiting the ANI vulnerability. In the process he also talks about Heap Spraying techniques and how they can be used to exploit vulnerable situations in code. He concludes his talk by educating the audience about secure programming techniques and principles of secure software design. This is a very detailed video and runs for around an hour, but is definitely worth the time and patience. Highly recommended watch.
For those of you who are newbies to reverse engineering, we have created the
Assembly language primer (13 videos),
Buffer Overflow basics (9 videos) and
Format String (in progress) exploitation videos for you to get started. You can also refer to the excellent video posted by Dino Dai Zovi on
Windows Exploit Programming for additional material on the subject. Enjoy!
Tags: programming ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments:
I need someone who is capable of hacking* websites & accessing their email database
I don't need scraping,web crawling or extractors
I need this sites HACKED so I gain access to their email DB
I will need to test the result u give me,if it checks out,I am willing to pay up to 3000$
per website and 10-20 websites monthly,which will increase upon delivery of faster & quality
service
Pls note,CONTINUITY is what I am after...I NEED A GOOD PARTNER I CAN WORK WITH FOR A VERY
LONG TIME!. I HAVE AT LEAST 500 WEBSITES ON MY LIST AND IM WILLING TO PAY 3000$ PER WEBSITE
PLEASE SEND ME A MAIL IF U CAN DO THIS ASAP ; omorye007 (at) yahoo (dot) com
Cheers