The past, the present and the future of software exploitation techniques Nikita Tarakanov, Moscow, Russia ZeroNights 2014 13th of November 2014.


1 The past, the present and the future of software exploitation techniques Nikita Tarakanov, Moscow, Russia ZeroNights 2014, 13th of November 2014

2 Agenda: Introduction; The past; The present; The (nearest) future; Q&A

3 Introduction: This talk is a very high-level overview of past and present software exploitation techniques (and their first appearances). It is mostly about memory corruption and "binary" vulnerabilities. The (nearest) future section is just the speaker's own thoughts.

4 The past

5 Kick-off!!! 2 October 1988: Morris Worm (fingerd, sendmail, password brute-forcing via rsh)

6 fingerd stack-based buffer overflow Picture source:

7 November 08, 1996 (Phrack 49) Smashing The Stack For Fun And Profit

8 Bypassing the non-exec Stack (ret-2-libc) - 8/10/1997 Solar Designer

9 Bypassing the non-exec Stack (ret-2-libc)

10

11 1/31/ w00w00 on Heap Overflows

12 9/20/ Format String bug in proftpd

13 7/25/ JPEG Com Marker vulnerability in Netscape

14 9/9/ Format String Attacks

15 6/18/ IIS.ida ISAPI filter Vulnerability Remove this slide?

16 7/13/ Code Red Worm in the Wild Remove this slide?

17 11/8/2001 VUDO malloc tricks

18 11/8/2001 Once upon a free

19 2/7/ Third Generation Exploits https://www.blackhat.com/presentations/bh-europe-01/halvar-flake/bh-europe-01-halvarflake-1.ppt

20 7/28/ Advances in Format String Exploitation

21 7/10/ "Variations in Exploit methods between Linux and Windows" litchfield-paper.pdf

22 8/2/ "Win32 device drivers communication vulnerabilities": arbitrary memory overwrite via ioctl METHOD_NEITHER

23 9/8/ "Defeating the Stack Based Buffer Overflow Prevention Mechanism of MS Windows 2003 Server" https://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-litchfield.pdf

24 9/30/ /SAFESEH introduced into Visual Studio Remove this slide?

25 4/21/2004 “Reliable Windows Heap Exploits” https://cansecwest.com/core04/cansecwest04.iso

26 7/28/2004 “Windows Heap Overflows” litchfield/bh-win-04-litchfield.ppt

27 10/25/ “On the effectiveness of ASLR”

28 "Heap Spraying" against Internet Explorer is demonstrated - 11/2/2004

29 1/21/ "Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass" protection.pdf

30 2/17/ “Remote Windows Kernel Exploitation” Jack_White_Paper.pdf

31 7/20/ "Windows Kernel Pool Overflow Exploitation" BeIt.pdf

32 8/31/ “Critical Section Heap Exploit Technique” windows-heap-protections

33 10/5/ Technique published to bypass hardware DEP (Uninformed Journal 2, Matt Miller (skape) and Ken Johnson (skywing)): NtProtectVirtualMemory, NtSetInformationProcess

34 11/30/ Microsoft ships Visual Studio 2005 with GS v2 Remove this slide?

35 12/7/ Technique published to exploit Freelist[0] on XP-SP2 oiting%20Freelist[0]%20On%20XP%20Service%20Pack%202.pdf

36 10/31/ "Memory Retrieval Vulnerabilities" Oct2006.pdf

37 1/19/ "Double Free Vulnerabilities" vulnerabilities-part-1

38 3/1/ "GS and ASLR in Windows Vista"

39 3/27/ "Heap Feng Shui in JavaScript" https://www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/bh-eu-07-sotirov-apr19.pdf

40 7/6/ "Understanding and Bypassing Windows Heap Protection" https://www.immunityinc.com/downloads/Heap_Singapore_Jun_2007.pdf

41 4/14/ "Application-Specific Attacks - Leveraging the ActionScript Virtual Machine" si/compsec_assign/Dowd2008.pdf

42 7/1/2008 "Real World Kernel Pool Exploitation"

43 7/29/2008 .NET controls used to exploit IE https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf

44 8/8/2008 "Attacking the Vista Heap" https://www.blackhat.com/presentations/bh-usa-08/Hawkes/BH_US_08_Hawkes_Attacking_Vista_Heap.ppt

45 2/3/ Pointer Inference and JIT Spray Paper.pdf

46 The present

47 Drive-by-download attacks: heap manipulation; turning memory corruption into information leakage (ASLR bypass); ROP

48 Privilege escalation attacks: arbitrary memory overwrites; simple jump to shellcode located in the ring 3 (user-mode) address space; ROP (not seen a lot)

49 The future: more chained exploits; more "inter-ring" exploits; firmware/hardware bugs

50 Thank you for listening! Any questions?

