English for Computer Science II Software(Runtime) Attacks Amir Neziri & Jurlind Budurushi Source: [6]
5/12/2011 | Department 20 | B. IT Nieh | Software(Runtime) Attacks | A. Neziri & J. Budurushi
Where do we use Software Attacks? (1)
Overview - Software Attacks
Where do we use Software Attacks? (2)
Where do we use Software Attacks? (3)
Where do we use Software Attacks? (4)
Overview of Software(Runtime) Attacks
Content
We present…
BO Vulnerabilities: Statistics (Source: [6])
The Stack Frame (Source: [6])
The Stack Frame (cont.)
Vulnerable program (Source: [6])
Buffer Overflow
(1) Program starts (Source: [6])
(2) The echo() function is called (Source: [6])
(3) Call instruction pushes return address onto the stack (Source: [6])
(4) Allocation of saved base pointer and buffer (Source: [6])
(5) echo() calls gets(buffer) function (Source: [6])
(6) Adversary transmits malicious code (Source: [6])
(7) Malicious code contains shellcode, pattern bytes, . . . (Source: [6])
(8) . . . , and a new return address (Source: [6])
(9) Before echo() returns to main, SP is updated (Source: [6])
(10) echo() issues return resulting in execution of shellcode (Source: [6])
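The root cause in the walkthrough above is step (5): gets(buffer) places no bound on how much input is written into the frame. The following is an added example, not code from the slides, showing a bounded replacement for that call that rejects over-long lines. BUF_SIZE, the frame_model struct and all function names are assumptions made for illustration, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* assumed: the slides' buffer size is not preserved on this page */

enum read_status { READ_OK, READ_TRUNCATED, READ_EOF, READ_ERROR };

/* Model of the part of echo()'s frame the walkthrough overwrites: the buffer,
 * then the saved base pointer and return address stored above it. */
struct frame_model {
    char buffer[BUF_SIZE];
    unsigned char saved_bp_and_ret[16];
};

struct case_result { enum read_status status; int frame_intact; };

/* Bounded stand-in for gets(buffer): stores at most cap-1 bytes plus a NUL.
 * An over-long line is reported and drained so its tail is not taken as the
 * next line of input. */
enum read_status read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2)
        return READ_ERROR;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return ferror(in) ? READ_ERROR : READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fitted */
        return READ_OK;
    }
    int c = fgetc(in);                /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return READ_OK;               /* line was exactly cap-1 bytes, or ended at EOF */
    while (c != EOF && c != '\n')
        c = fgetc(in);                /* discard the rest of the over-long line */
    return READ_TRUNCATED;
}

/* Hardened echo(): echoes only lines that fitted; over-long input is rejected. */
enum read_status echo_hardened(FILE *in, FILE *out, struct frame_model *f)
{
    enum read_status st = read_line_bounded(in, f->buffer, sizeof f->buffer);
    if (st == READ_OK && out != NULL)
        fprintf(out, "%s\n", f->buffer);
    return st;
}

/* Feeds one constructed input through echo_hardened() and reports the status
 * and whether the modelled saved base pointer / return address is unchanged. */
struct case_result run_case(const char *input)
{
    struct case_result r = { READ_ERROR, 0 };
    struct frame_model f;
    unsigned char expected[sizeof f.saved_bp_and_ret];

    memset(expected, 0xA5, sizeof expected);
    memset(f.buffer, 0, sizeof f.buffer);
    memcpy(f.saved_bp_and_ret, expected, sizeof expected);

    FILE *in = tmpfile();
    if (in == NULL)
        return r;
    fputs(input, in);
    rewind(in);
    r.status = echo_hardened(in, NULL, &f);
    fclose(in);
    r.frame_intact = memcmp(f.saved_bp_and_ret, expected, sizeof expected) == 0;
    return r;
}

int main(void)
{
    /* Constructed inputs: one that fits, one far longer than BUF_SIZE. */
    const char *cases[] = {
        "hello\n",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    };
    static const char *names[] = { "ok", "truncated", "eof", "error" };
    for (size_t i = 0; i < 2; i++) {
        struct case_result r = run_case(cases[i]);
        printf("case %zu: %s, frame %s\n", i, names[r.status],
               r.frame_intact ? "intact" : "overwritten");
    }
    return 0;
}
```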
BO - Countermeasures
ROP – The Big Picture (Source: [6])
ROP – Architectures
ROP – General idea
ROP
ROP – Waiting for input from user (Source: [6])
ROP – Attacker overflows the buffer (Source: [6])
ROP – Input contains ret-addresses and one argument (Source: [6])
ROP – 1st sequence is executed (Source: [6])
ROP – "ret" instruction transfers control (Source: [6])
ROP – Transfers control from 2nd to 3rd instruction (Source: [6])
ROP – POP argument from stack (Source: [6])
ROP – "ret" has been reached (Source: [6])
ROP – Transfers control from 3rd to 4th instruction (Source: [6])
ROP – Transfers control from 1st gadget to the 2nd (Source: [6])
ROP – Transfers control from 1st sequence to the 2nd (Source: [6])
ROP - Countermeasures
Live Demo & Discussion
Questions???
References

Editor's notes

  1. Hello to everyone and welcome to our presentation. The topic of our presentation is "Software Attacks".
  2. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  3. Stealing Votes with ROP: http://www.youtube.com/watch?v=lsfG3KPrD1I
  4. How many people have pay TV?
  5. Push elements onto the stack (SP is decremented). Pop elements off the stack (SP is incremented).
  6. Can you see the problem?