Reverse Engineering Techniques To Find Security Vulnerabilities
|
|
|
||||||||||||
Description:
In this video, Alex Sotirov takes us through the basics of how to go about finding security vulnerabilities in software using reverse engineering. He begins the presentation with a quick demo of the ANI bug he discovered on Vista and XP. He then starts with the very basics of reverse engineering and describes the tools he uses - IDA Pro, BinDiff, PaiMei etc. He then talks about the various protection mechanisms built into Vista - /GS stack cookies, Address Space layout Randomization (ASLR) and Data Execution Prevention (DEP).
In the second part of the talk, he describes how he subverted all these protection mechanisms while finding and exploiting the ANI vulnerability. In the process he also talks about Heap Spraying techniques and how they can be used to exploit vulnerable situations in code. He concludes his talk by educating the audience about secure programming techniques and principles of secure software design. This is a very detailed video and runs for around an hour, but is definitely worth the time and patience. Highly recommended watch.
For those of you who are newbies to reverse engineering, we have created the Assembly language primer (13 videos), Buffer Overflow basics (9 videos) and Format String (in progress) exploitation videos for you to get started. You can also refer to the excellent video posted by Dino Dai Zovi on Windows Exploit Programming for additional material on the subject. Enjoy!
In the second part of the talk, he describes how he subverted all these protection mechanisms while finding and exploiting the ANI vulnerability. In the process he also talks about Heap Spraying techniques and how they can be used to exploit vulnerable situations in code. He concludes his talk by educating the audience about secure programming techniques and principles of secure software design. This is a very detailed video and runs for around an hour, but is definitely worth the time and patience. Highly recommended watch.
For those of you who are newbies to reverse engineering, we have created the Assembly language primer (13 videos), Buffer Overflow basics (9 videos) and Format String (in progress) exploitation videos for you to get started. You can also refer to the excellent video posted by Dino Dai Zovi on Windows Exploit Programming for additional material on the subject. Enjoy!
Comments (1)
 |
hacknix on Thu 26 Jan 2012 I need someone who is capable of hacking* websites & accessing their email database |