Wednesday, April 12, 2006 11:43 PM bart

Creating cute buffer overruns and fighting them by /GS - MSDN Security Evenings

I'm in the middle of preparing the MSDN Security Evening sessions over here in Belgium, which will be just fantastic (hope to see you there). Currently I'm messing around with buffer overruns, one of my favorite topics in the field of security. Instead of just doing the silly "call another function using strcpy" stuff, I'm creating a slightly more complex attack that really inserts malicious assembler code onto the stack. A good resource to aid in this kind of attack creation is http://www.metasploit.com, which has a lot of useful payloads for constructing this kind of demo.

I'm not going to post any code over here, nor am I going to explain how to construct an attack. If you want to see it in action, come to one of my sessions and see how a faulty strcpy can open the door for an attacker to add a local administrator on the machine or to shut down the machine using some malicious input. The good news is that the Visual C++ 2003 and 2005 compilers make this kind of attack much harder to do thanks to the /GS flag.
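To make the /GS claim concrete without touching a real stack, here is an added example (my own model, not code from the post or from the sessions) that simulates what the compiler does: it places a security cookie between a local buffer and the saved return address and verifies that cookie before the function would return. The frame struct, the cookie constant, the placeholder return value and the `run_*` helpers are all constructed for the model; real /GS code uses a per-process random cookie and a compiler-emitted check, not these names. The model also shows why the cookie is a detection, not a prevention: the unbounded copy still corrupts memory, and only the bounded copy keeps the cookie intact.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a /GS-protected frame. Field order mirrors the
 * idea of /GS: the buffer sits below the cookie, and the cookie sits
 * below the control data, so an overrun from the buffer must pass
 * through the cookie before it can reach the return address. */
#define BUF_SIZE 16
#define COOKIE_VALUE 0xC0DECAFEu      /* fixed for the model; /GS randomizes it per process */
#define RETURN_PLACEHOLDER 0x401000u  /* constructed stand-in for a saved return address */

struct model_frame {
    char buf[BUF_SIZE];     /* vulnerable local buffer (lowest address in the frame) */
    uint32_t cookie;        /* security cookie, checked before return */
    uintptr_t saved_return; /* kept as a plain value, so no real control flow is involved */
};

/* Outcome bits reported by the run_* helpers below. */
enum { FRAME_OK = 0, COOKIE_CLOBBERED = 1, RETURN_CLOBBERED = 2 };

static void frame_init(struct model_frame *f)
{
    memset(f, 0, sizeof *f);
    f->cookie = COOKIE_VALUE;
    f->saved_return = RETURN_PLACEHOLDER;
}

/* The faulty pattern: copies len bytes into buf regardless of its size.
 * The copy is clamped to the frame object itself so the model stays
 * inside memory it owns; within that object it behaves like strcpy. */
static void copy_unbounded(struct model_frame *f, const char *src, size_t len)
{
    size_t room = sizeof *f - offsetof(struct model_frame, buf);
    if (len > room)
        len = room;
    memcpy((unsigned char *)f + offsetof(struct model_frame, buf), src, len);
}

/* The fix: truncate to what the buffer can hold and NUL-terminate. */
static void copy_bounded(struct model_frame *f, const char *src, size_t len)
{
    if (len >= BUF_SIZE)
        len = BUF_SIZE - 1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
}

/* The check /GS emits on function exit: is the cookie still intact? */
static int cookie_intact(const struct model_frame *f)
{
    return f->cookie == COOKIE_VALUE;
}

/* Classify what an input did to the frame. */
static int inspect(const struct model_frame *f)
{
    int result = FRAME_OK;
    if (!cookie_intact(f))
        result |= COOKIE_CLOBBERED;
    if (f->saved_return != RETURN_PLACEHOLDER)
        result |= RETURN_CLOBBERED;
    return result;
}

/* Feed len bytes of input through the unbounded copy; returns outcome bits. */
int run_unbounded(const char *input, size_t len)
{
    struct model_frame f;
    frame_init(&f);
    copy_unbounded(&f, input, len);
    return inspect(&f);
}

/* Same input through the bounded copy; the cookie is never reached. */
int run_bounded(const char *input, size_t len)
{
    struct model_frame f;
    frame_init(&f);
    copy_bounded(&f, input, len);
    return inspect(&f);
}

int main(void)
{
    char input[64];
    memset(input, 'A', sizeof input); /* constructed oversized input */

    printf("10 bytes, unbounded copy : %d\n", run_unbounded(input, 10));
    printf("20 bytes, unbounded copy : %d\n", run_unbounded(input, 20));
    printf("64 bytes, unbounded copy : %d\n", run_unbounded(input, 64));
    printf("64 bytes, bounded copy   : %d\n", run_bounded(input, 64));
    return 0;
}
```

The 20-byte case is the interesting one: the return value is still untouched, yet the cookie check already fails, which is exactly the ordering /GS relies on. The 64-byte case shows that a long enough overrun still corrupts everything in the frame; the cookie only guarantees the corruption is noticed before the function returns, which is why a bounded copy remains the real fix.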
