Format String Vulnerabilities Primer (Part 1 The Basics)
|
|
|
||||||||||
Description: <div style="text-align: justify;">In this video series we will cover Format String Vulnerabilities in detail. The prerequisite for this series is Assembly Language and Buffer Overflow basics. If you are not familiar with these topics, please go through the detailed Assembly Language Primer for Hackers and Buffer Overflow Primer for Hackers video series which I have created.<br><br>In this first video of the series, we will understand the basics of format strings and format functions. Format functions such as Printf, Sprintf etc. belong to a class of functions called Variadic functions, which are capable of taking variable number of arguments. These functions rely on the format string passed to them, to decide the number of input arguments and their data types. Format string vulnerabilities happen when this format string passed to these functions is controlled by user input. In this video we will look at a simple case where information leakage happens due to a format string vulnerability being present. In the next video we will look at the program stack to undertstand how arguments are fetched by the format functions and why this makes them vulnerable to attack. <br><br><br></div><br><style type="text/css"> body { background: #FFF; } </style>
This video is part of the following groups:
1. Format String Vulnerabilities Megaprimer ( 4 videos)
Comments (10)
 |
cr1tt3r on Sat 05 Mar 2011 Dear Vivek - you rock my world! I've been looking everywhere to learn about format string vulnerabilities and your videos are honestly the best resource on the net! |
 |
dydxex on Tue 12 Apr 2011 Been looking for something like this for a while! Thanks a lot! |
 |
behrouz on Thu 21 Apr 2011 Dear Vivek ,you changed my world tnx |
 |
3ntropy on Mon 06 Jun 2011 great tutorial |
 |
JayWalker on Fri 17 Jun 2011 Hi Vivek, |
|
Tony on Sun 10 Jul 2011 hi JayWalker.. |
|
airwizard on Sun 11 Sep 2011 very informative thanks alot! :-) |
|
fakyr on Fri 18 Nov 2011 Great tutorial thx! |
|
rmathews on Sat 07 Jan 2012 Dude, when I see these videos I know why they say 'TEACHING is an ART'. Amazing. |
|
Nittu on Mon 16 Apr 2012 nice and clear video |