ROP chains

An evolution on basic stack smashing, return oriented programming (or ROP) was first presented by Solar Designer in 1997, as an innovative solution to crafting a complete program by daisy chaining up instructions that already exist within the address space of the program. Because existing legitimate executable instructions are chained together, is an effective way of bypassing non-executable stack (DEP) and code signing mitigations employed by most modern OS’s.
Read more →

Stack Canaries

A popular buffer overflow prevention technique employed by some programs. Used to detect a stack buffer overflow before execution of malicious code can occur, by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer. Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer, the canary value must also be overwritten.
Read more →

Smashing the Stack

What’s a buffer overflow, and they can be exploited. Cover some prerequistite knowledge of (Intel x86) assembly and how a Von-Neumann machine works is needed. Attacking the stack is only one category of control flow attack, there are many others including heap allocators, race conditions, root exploits, ELF, networking, viruses, etc. The end game is to gain control of the instruction pointer (IP), and as a result contol flow of the program.
Read more →

When you want to build and experiment with x86 (32-bit) based binaries on an x64 based linux kernel. This is often useful for reverse engineering and exploit proof of concepts, as x86 offers a number of simplicities over x64. On Kali add overall subsystem support with: dpkg –add-architecture i386 Then to get a working development environment: apt update apt install libc-dev-i386-cross gdb-multiarch execstack gdb-peda lib32tinfo6 lib32ncurses6 lib32ncurses-dev gcc-7 You should be good to start compiling for an x86 target.
Read more →

Exploit Development

A fundamental primer on exploit development on both Windows and Linux based OS’s. The classical classes of vulnerablilities: buffer overflow stack overflow heap overflow use after free out of bounds read Integer Overflow and NetBSD Considered concrete example in the NetBSD kernel, based on an incorrect coding style that is exposed to integer overflow during input validation. static int set_cursor(struct tfb_softc *sc, struct wsdisplay_cursor *p) { #define cc (&sc->sc_cursor) u_int v, index = 0, count = 0, icount = 0; uint8_t r[2], g[2], b[2], image[512], mask[512]; int error, s; v = p->which; if (v & WSDISPLAY_CURSOR_DOCMAP) { index = p->cmap.
Read more →