Download as PDF, PPTX
Uploaded byn|u - The Open Security Community
nullcon 2011 - Buffer UnderRun Exploits
The document discusses three types of attacks: buffer overflow attacks, which occur when input data exceeds the allocated buffer size and overwrites other values; cookie prevention techniques; and buffer under run attacks, such as a PHP5 space trimming buffer underflow. It was presented by Saurabh Sharma and Chinmaya Kamal of SETLabs, Infosys.
More Related Content
Similar to nullcon 2011 - Buffer UnderRun Exploits
More from n|u - The Open Security Community
nullcon 2011 - Buffer UnderRun Exploits
- 1. By Saurabh Sharma& Chinmaya Kamal (SETLabs, Infosys) http://null.co.in/ Saurabh & Chinmaya http://nullcon.net/
- 2. ● Buffer overflow attacks ● Cookie prevention ● Buffer Under Run Attacks Saurabh & Chinmaya
- 3. •Buffer overflow attacksare caused when the buffers such as arrays are filled without the proper bound checking. •In some languages like C, bound checking mechanisms are not implemented. When the input data which is used to fill the buffer is greater than the size of the allocated buffer, other values in the stack get overwritten. If the attacker designs this input carefully, he can overwrite the return address with the address of his will. This address may point to some custom code, can be a malicious shell code. These attacks are known as buffer overflow attacks. Saurabh & Chinmaya
- 4.
- 5.
- 6.
- 7.
- 8.
- 9. Demo Saurabh & Chinmaya
- 10. •PHP5 Space TrimmingBuffer Under Flow (Header(), MacOSX) Saurabh & Chinmaya
- 11.
- 12. Thank You Saurabh & Chinmaya