1 Markus Gaasedelen - 5/7/2014 - Windows Exploitation

2 ‘… This course will explore the tools, a number of mitigations, and their associated bypass techniques that are utilized in most modern exploits on the Windows platform. The outcome of this course will leave one with the ability to analyze real world vulnerabilities and develop reliable exploits from end to end for Windows XP – Windows 7 systems.’ – Course Abstract

3 My security related blog
– Includes extended homework write-ups
– Includes my course syllabus & plan of study – the graded deliverables for the course


5 ‘Unique Bugs & Crashes’ – Find a piece of shareware, or some other application that you feel should have some bugs that aren’t too crazy to discover, and see what you can find.


7 Inputs the player accepts:
– Media files: .mp3 & .wav files
– Playlist files
– Media Player skins
– … others?


9 Dumb fuzzing loop:
1. Given a sample file, change random data in it
2. Use the corrupted files as input to the target
3. ????
4. Repeat

10 (diagram) Sample.mp3 → Fortissimo.exe

11 (diagram) Sample.mp3 → MiniFuzz.exe → Sample.mp3 → Fortissimo.exe: “Excuse me, your file is corrupt.”

12 (diagram) Sample.mp3 → MiniFuzz.exe → Sample.mp3 → Fortissimo.exe: SEGFAULT
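The loop on slides 9–12 (take a sample, corrupt random bytes, hand the result to the target, note whether it rejects the file gracefully or crashes, repeat) is the whole of dumb fuzzing, and it is also how a developer checks that a parser fails safely on malformed input. The following is an added example written for this page; it is not the author’s harness and not MiniFuzz. The sample bytes, the toy ID3v2 tag parser (with a deliberately missing bounds check, so the fuzzer has something to find), and the crash criteria are constructed for the demonstration; the subprocess oracle shows how the same loop drives an external program such as a media player.

```python
"""Minimal dumb mutation fuzzer (example code, not the original deck's tool)."""
import os
import random
import subprocess
import tempfile
from typing import Callable, List

# Constructed sample: "ID3" magic, version 3.0, flags 0, syncsafe size 10, 10-byte body.
SAMPLE = b"ID3\x03\x00\x00" + b"\x00\x00\x00\x0a" + b"A" * 10

INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)  # boundary values parsers often trip over


def mutate(data: bytes, rng: random.Random, max_writes: int = 8) -> bytes:
    """Step 1: overwrite a handful of random positions, keeping the file length."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, max_writes)):
        pos = rng.randrange(len(buf))
        buf[pos] = rng.choice(INTERESTING) if rng.random() < 0.5 else rng.randrange(256)
    return bytes(buf)


def syncsafe_decode(raw: bytes) -> int:
    """ID3v2 sizes are 4 bytes carrying 7 bits each (the high bit is always clear)."""
    size = 0
    for b in raw:
        size = (size << 7) | (b & 0x7F)
    return size


def toy_parse(data: bytes) -> int:
    """Constructed stand-in for a tag parser with a missing bounds check.
    Rejecting bad magic is the graceful path; trusting the declared size and
    indexing past the buffer is the bug the fuzzer should surface."""
    if data[:3] != b"ID3":
        raise ValueError("not an ID3v2 tag")
    declared = syncsafe_decode(data[6:10])
    data[9 + declared]  # "last byte of the body" - IndexError if it is not there
    return declared


def python_oracle(parser: Callable[[bytes], object]) -> Callable[[bytes], bool]:
    """Crash oracle for an in-process parser: ValueError is a graceful
    rejection ("your file is corrupt"), any other exception counts as a crash."""
    def oracle(data: bytes) -> bool:
        try:
            parser(data)
        except ValueError:
            return False
        except Exception:
            return True
        return False
    return oracle


def subprocess_oracle(argv: List[str], timeout: float = 5.0) -> Callable[[bytes], bool]:
    """Crash oracle for an external target; the temp file path is appended to argv.
    Negative return codes are POSIX signals; on Windows an unhandled exception
    comes back as an NTSTATUS code (0xC0000005 for an access violation)."""
    def oracle(data: bytes) -> bool:
        fd, path = tempfile.mkstemp(suffix=".mp3")
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            rc = subprocess.run(argv + [path], timeout=timeout, capture_output=True).returncode
        except subprocess.TimeoutExpired:
            return False  # a hang is worth logging separately, but is not a crash here
        finally:
            os.unlink(path)
        return rc < 0 or (rc & 0xFFFFFFFF) >= 0xC0000000
    return oracle


def fuzz_loop(sample: bytes, oracle: Callable[[bytes], bool],
              iterations: int, seed: int = 0) -> List[bytes]:
    """Steps 1-4 of the slide: mutate, run, keep crashing inputs, repeat.
    Identical candidates are skipped so every recorded crash file is unique."""
    rng = random.Random(seed)
    crashes: List[bytes] = []
    seen = set()
    for _ in range(iterations):
        candidate = mutate(sample, rng)
        if candidate in seen:
            continue
        seen.add(candidate)
        if oracle(candidate):
            crashes.append(candidate)
    return crashes


if __name__ == "__main__":
    found = fuzz_loop(SAMPLE, python_oracle(toy_parse), iterations=300, seed=1)
    print(f"{len(found)} crashing inputs; first: {found[0].hex() if found else None}")
```

Every crashing input the loop keeps is a file that can be replayed against the parser on its own, which is what turns a fuzzer hit into a reproducible bug report; the fix on the parser side is the bounds check the toy deliberately omits (compare the declared size against the bytes actually present before indexing).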


16 None in Fortissimo … but id3lib.dll?
– Wat
– id3lib.dll is the one .dll that Fortissimo includes


20 We crash in this call (ID3_Tag object initialization)

21 There must be issues in id3lib.dll’s ability to parse malformed .MP3 headers
– Open source!
– Start from the ID3_Tag() initialization routine and work your way down, looking for its parsing calls
– … or try static analysis tools!

22 Dumb fuzzing works, but can be slow
– Use targeted fuzzing next time (e.g. PeachFuzz)
Fortissimo –
– Its basic media handling at least stands up to short-term dumb fuzzing
– I’m sure there are bugs in the skin & playlist handling
The id3lib.dll library definitely has issues
