
Windows Exploit Programming Primer

We kicked off the exploit code research series on SecurityTube with the Assembly Language Primer (13 videos), Buffer Overflow Basics (9 videos) and Format String exploitation (in progress) videos. All of those, however, focus on Linux. We plan to release a new set of videos using Windows as the attack platform.

In the meantime, we recommend the video series below by security researcher Dino Dai Zovi on Windows-based exploitation techniques. Dino proposes a six-step process for getting a shell:

1. Trigger the Vulnerability
2. Identify usable character sets
3. Identify Offsets of significant elements on the stack
4. Fill in jump and readable / writable addresses
5. Measure usable space for your payload
6. Payload

In the first video, Dino walks through the steps above on the blackboard and explains how process memory is organized on Windows. He stresses that Windows is much easier to exploit because DLLs are always loaded at predictable locations in process memory. Address Space Layout Randomization (ASLR), introduced in Vista, randomizes the address space only once per boot, so repeated attempts before the next reboot make exploitation easy. In the second video, Dino gives a live demo of the exploitation process on Windows using Immunity Debugger.
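An added example, not code from the video or from SecurityTube, for the point Dino makes about predictable load addresses: even on Vista and later, the loader only randomizes an image that is linked with /DYNAMICBASE and still carries its relocations, so a defender auditing a module should read those bits from the PE header. The flag values are from the PE/COFF specification; the sample images are constructed inline and are not loadable binaries.

```python
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001                # COFF Characteristics: no .reloc, cannot be rebased
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit high-entropy ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image opts into ASLR (honoured from Vista on)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # image opts into DEP

def pe_mitigations(data: bytes) -> dict:
    """Return format, preferred ImageBase and effective ASLR/DEP opt-in for one PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # 20-byte COFF file header
    file_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                            # optional header follows the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                         # PE32: 32-bit ImageBase at offset 28
        fmt, image_base = "PE32", struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                       # PE32+: 64-bit ImageBase at offset 24
        fmt, image_base = "PE32+", struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    relocatable = not (file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    wants_aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)  # only effective if relocatable
    return {
        "format": fmt,
        "image_base": image_base,
        "relocatable": relocatable,
        "aslr": wants_aslr and relocatable,
        "high_entropy": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }

def build_test_image(dll_chars: int, file_chars: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE headers for testing; not a loadable binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    if pe32plus:
        struct.pack_into("<Q", opt, 24, 0x180000000)            # typical 64-bit DLL preferred base
    else:
        struct.pack_into("<I", opt, 28, 0x10000000)             # classic 32-bit DLL preferred base
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

A module that reports `"aslr": False` will be mapped at its `image_base` on every boot, which is exactly the predictability the video relies on; run `pe_mitigations(open(path, "rb").read())` on a real DLL to audit it.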

More details on the class and homework are available at Pentest.cryptocity.net. Many thanks to Dan Guido for making these videos available on Vimeo.


Author: Vivek Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 News, BBC Online, Network World and other news agencies. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement award at Cisco Systems for his work on the 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

©2007 Freak Labs