P1L2 Software Security

Question 1

What are stack buffer overflows?

Answer 1

Inserting extra instructions into a command to force an overlfow that inserts calls to malware.

Question 2

The stack buffer is used for

Answer 2

Local variables
Parameters passed to the function
Control information (ie return address)

Question 3

what is shellcode?

Answer 3

The code the attacker whats to launch

Question 4

What does shellcode do?

Answer 4

1. Creates a shell from machine code.

2. Must have a return address that is a legitimate return address.

Question 5

What privileges does shellcode allow?

Answer 5

The host program exploited by the shellcode.

The system service or OS root privileges

Question 6

Variations of buffer overflow

Answer 6

Return-to-libc: return address is overwritten to point to a funciton in a library.
Heap Overflows: Long lived data get stored on the heap (alloc/malloc/globals)
OpenSSL Heartbleed: Attacker reads sensitive data

Question 7

Defense against buffer overflow

Answer 7

Programming languages that are:

• -strongly typed
• -automatic bounds checks
• -automatic memory management

Question 8

Example of safe language

Answer 8

Java

Question 9

Example of unsafe language

Answer 9

C

Question 10

What is the defense if unsafe languages must be used?

Answer 10

Check all input
Use safer functions that do bounds checking
Use automatic tools to analyze code for unsafe functions.

Question 11

Thwarting Buffer Overflow Attacks

Answer 11

Stack canaries: Values written into the stack frame just before the return address
Address Space Layout Randomization(ASLR): Randomized the stack, heap, etc.
Non-executable Stack: Used with ASLR. Requires hardware support