P1L2 Software Security Flashcards

1
Q

What are stack buffer overflows?

A

Inserting extra instructions into a command to force an overflow that inserts calls to malware.

2
Q

The stack buffer is used for

A
Local variables
Parameters passed to the function
Control information (i.e. the return address)
3
Q

What is shellcode?

A

The code the attacker wants to launch

4
Q

What does shellcode do?

A
1. Creates a shell from machine code.
2. Must have a return address that is a legitimate return address.

5
Q

What privileges does shellcode allow?

A

The host program exploited by the shellcode.

The system service or OS root privileges

6
Q

Variations of buffer overflow

A

Return-to-libc: the return address is overwritten to point to a function in a library.
Heap overflows: long-lived data gets stored on the heap (alloc/malloc/globals).
OpenSSL Heartbleed: the attacker reads sensitive data.

7
Q

Defense against buffer overflow

A

Programming languages that are:

  • strongly typed
  • automatic bounds checks
  • automatic memory management
8
Q

Example of safe language

A

Java

9
Q

Example of unsafe language

A

C

10
Q

What is the defense if unsafe languages must be used?

A

Check all input
Use safer functions that do bounds checking
Use automatic tools to analyze code for unsafe functions.

11
Q

Thwarting Buffer Overflow Attacks

A

Stack canaries: values written into the stack frame just before the return address.
Address Space Layout Randomization (ASLR): randomizes the locations of the stack, heap, etc.
Non-executable stack: used together with ASLR; requires hardware support.
