Control Hijacking - Attacks

Question 1

What are the different types of control hijacking attacks?

Answer 1

• Buffer overflow
• Integer overflow
• Stack overflow
• Index overflow
• C++ VTables overflow

Question 2

Define

Control Hijacking Attacks

Answer 2

An attacker hijacks the control flow by corrupting memory

Question 3

Describe

Buffer Overflow

Answer 3

Writing more data in the buffer and over its adjacement memory

Question 4

Describe

Integer Overflow

Answer 4

Unexpected results from comparing, casting, and positive/negative integers

Question 5

How could integer overflow be prevented?

Answer 5

Using assertions

Question 6

Describe

Stack Overflow

Answer 6

Overwriting the stack information

Question 7

What does the stack overflow cause?

Answer 7

Segmentation faults

Question 8

What can an attacker do after a stack overflow?

Answer 8

Jump to user-defined code, overwrite sensitive data

Question 9

Describe

Index Overflow

Answer 9

Access an array index beyond boundary check

Question 10

What does an integer flow allow?

Answer 10

Direct write to memory locations

Question 11

Describe

C++ VTables Overflow

Answer 11

Overwriting a variable or pointer pointing to the vtable with a fake vtable in order to execute malicious code

Question 12

A program’s state is described by what

Answer 12

Processor registers and memory

Question 13

Define

Processor Registers

Answer 13

Loads data for operations copied back/from main memory; stores local data for arithmetic computations

Question 14

Define

Stack

Answer 14

Collection of push/pop operations and stack frames

Question 15

Which way does the stack grow and towards what?

Answer 15

Down towards lower memory

Question 16

Describe

ESP

Answer 16

Points to the top of the stack and the most recent item

Question 17

What does push() do on the stack?

Answer 17

• Decrements the ESP’s position in memory
• Updates the stored ESP value with the newest stack item

Question 18

What does pop() do on the stack?

Answer 18

• Increments the ESP’s position in memory
• Returns the value stored in the ESP (top of the stack)
• Removing top element from the stack

Question 19

Define

EBP

Answer 19

Stores the address of the current stack frame

Question 20

Define

Stack Frame

Answer 20

The function being invoked or return

Question 21

What happens to a function after it executes in relation to the stack?

Answer 21

The frame is removed from the stack to signify completion of the function

Question 22

How are local variables stored on the stack?

Answer 22

Little Endian

Question 23

Given the following, how would they be stored on the stack from highest in memory to lowest?

local_var(a, b, c)

Answer 23

c
b
a

Question 24

Define

Memory Safety

Answer 24

No access to “undefined”

Question 25

What constitutes as access?

Answer 25

Read, write, or execute privileges

Question 26

How do you build confidence with memory safety?

Answer 26

• Module-by-module analysis
• Preconditions
• Postconditions

Question 27

Define

Precondition

Answer 27

Holds true for a statement or function to execute

Question 28

Define

Postcondition

Answer 28

Holds true after function returns or statement executes

Question 29

What does the postcondition imply?

Answer 29

The precondition was true

Question 30

What is the layout of a stackframe from top of memory to bottom of memory?

Answer 30

Caller’s Frame
Function Arguments/Params
Return Addr
Pointer to previous frame
Local variables