s p o n s o r e d   l i n k s


A Buffer Overflow Study Attacks & Defenses.pdf

September 12, 2008 · Filed Under Hacking Related  · Tags: , ,

The aim of this pdf material is to present how buffer overflows work and may compromise a system or a network security, and to focus on some existing protection solutions. Finally, authors tries to point out the most interesting sets to secure an environment, and compare them on criteria such as efficiency or performance loss.

Contents:

  • Introduction to Buffer Overflows
    • Generalities [ Process memory ~ Global organization ~ Function calls ~ Buffers, and how vulnerable they may be ]
    • Stack overflows [ Principle ~ Illustration ~ Basic example ~ Attack via environment variables ~ Attack using gets ]
    • Heap overflows [ Terminology ~ Unix ~ Windows ~ Motivations and Overview ~ Overwriting pointers ~ Difficulties ~ Interest of the attack ~ Practical study ~ Overwriting function pointers ~ Pointer to function: short reminder ~ Principle ~ Example ~ Trespassing the heap with C + + ~ C++ Background ~ onlinefreeebooks.net ~ Overwriting the VPTR ~ Conclusions ~ Exploiting the malloc library ~ DLMALLOC: structure ~ Corruption of DLMALLOC: principle ]
  • Protection solutions
    • Introduction
    • How does Libsafe work? [ Presentation ~ Why are the functions of the libC unsafe ? ~ What does libsafe provide ? ]
    • The Grsecurity Kernel patch [ Open Wall: non-executable stack ~ PaX: non-executable stack and heap ~ Overview ~ Implementation ~ Escaping non-executable stack protection: return into libC ]
    • Detection: Prelude [ Prelude and Libsafe ~ Shellcode detection with Prelude ~ Principle ~ Implementation ~ A new danger: plymorphic shellcodes ~ Where the danger lies ~ How to discover it ? ]
  • First steps toward security
    • Installations [ Installing Libsafe ~ Patching the Linux Kernel with Grsecurity ~ Compile time protection: installing Stack Shield ~ Intrusion Detection System: installing Prelude ]
    • Protections activation [ Setting up Libsafe ~ LD PRELOAD ~ /etc/ld.so.preload ~ Running Prelude ~ Libsafe alerts ~ Shellcode attack detection ]
  • Tests: protection and performance
    • Protection efficiency [ Exploits ~ Stack overflow ~ Heap overflow ~ Execution ~ Zero protection ~ Libsafe ~ Open Wall Kernel patch ~ PaX Kernel patch ~ Stack Shield ~ Synthesis ]
    • Performance tests [ Process ~ Analysis ~ Miscellaneous notes ]
  • A solution summary
    • Programming safely
    • Libsafe [ Limitations of libsafe ~ Benefits ]
    • The grsecurity patch [ A few drawbacks ~ Efficiency ]
  • Glossary
  • Appendix
  • A Grsecurity installation: Kernel configuration screenshots
  • B Combining PaX and Prelude
  • B.1 Overview
  • B.2 PaX logs analysis
  • C Performance tests figures

This ebook is available FREE at Try 2 Innovate website, we merely collect the information, we are neither affiliated with the author(s), the website and any brand nor responsible for its content and change of content. (Read our disclaimer here or here before you download the document from the website written above by clicking the below link).

Download free A Buffer Overflow Study Attacks & Defenses.pdf (102 pages pdf file, 0.5 MB).

Related posts




You might also be interested in reading:
buffer overflow ebook, buffer overflow attacks ebook, LibSafe limitations, A Buffer Overflow Study Attacks & Defenses pdf, security, corruption, Buffer Overflow pdf download, buffer overflow environment variable tutorial, ebooks buffer overflows
« Prev
Next »

Disclaimer

http://www.onlinefreeebooks.net - provides you collection of links to other websites containing ebooks/manuals/cheatsheets either for computer geeks, technicians, automotive enthusiasts or programmers. We merely take the power of Google Search to find those materials and link to it. NONE OF THOSE MATERIALS ARE HOSTED IN THIS SERVER NOR UPLOADED BY ME IN SOMEONE'S SERVERS.

We are neither affiliated with authors and brands nor responsible for its content and change of content.

Information contained herein is provided "as is" without warranty of any kind, either expressed or implied, including any warranty of merchantability or fitness for a particular purpose. In no event shall ANYONE be held liable for any loss of profit, special, incidental, consequential, or other similar claims.

Comments

Leave a Reply