Software Security Flashcards

1
Q

Untargeted attacks on a system

A
  • Botnets, crypto trojans, Bitcoin mining, …
  • All targets are equal or prioritized on a technical level
  • Reap the weakest (or most unlucky ones)
  • Attack strategy: Phishing campaigns, IP scanning, automated attacks
  • Defending strategy: Don’t be trivial to attack
2
Q

Targeted attacks on high-value systems

A
  • Unavoidable
  • Deter the attacker: cost, complexity, visibility/attribution
  • Attack strategy: detailed analysis, 0-day exploits
  • Defending strategy: per-system, per-attacker analysis
  • Attacks are costly
3
Q

Trust Models

A
  • Intra-System Controls: Network Segregation, Authentication, Encryption, …
  • Development Principles: Don’t trust any service/machine, input data filtering, output sanitization
  • Goal: Restrict lateral movement
    -> e.g. Zero Trust vs. Perimeter Principle (entire system is separated from the Internet)
4
Q

Planning the attack - reconnaissance

A
  • Target platform
  • Libraries/Platforms (+ versions!)
  • Conceptual Mistakes
  • Programming Antipatterns
5
Q

Attacking the database

A
  • Some databases support plugins and load them dynamically
    -> Find a way to upload a file
    -> Place the file on the search path
    -> Register the plugin
    -> Call the plugin code
6
Q

Interpretation

A
  • Read the code, perform/simulate the equivalent low-level actions
  • Attack vectors:
    -> Use language features (code injection)
    -> Exploit vulnerability in interpreter
7
Q

Compilation

A
  • Translate code from one language to another
    -> Assembler translates mnemonics to binary
  • Execution directly on host CPU
  • Exploiting the binary means exploiting the assembler code
8
Q

JIT Compilation

A
  • Also called hotspot compilation
    -> Interpret most code
    -> Compile hotspots to native code once, then execute many times
    -> Much faster for frequently-run code
  • Attack: Bridge from managed to unmanaged code
    -> Escape from JavaScript sandbox
    -> JIT-compiled code runs natively on CPU
    -> Manipulate the compiler output
9
Q

Mitigation Strategies for attacks on memory

A
  • Memory pages either executable or writeable
    -> Make stack non-executable
    -> Protect some heap portions
  • Hardware and OS support, set flags correctly
  • Most common: NX-flag (no execute)
10
Q

libc Exploit

A
  • The return address is manipulated (e.g. via a buffer overflow) so that an arbitrary (malicious) function is executed
  • Via the libc library one can, for example, call the function “system()”
  • One countermeasure is allocating random return addresses, or writing a secret value that would have to be reconstructed by the attacker
11
Q

Mitigation of Code Reuse Attacks

A
  • Control Flow Integrity
    -> define accepted control flows
    -> check for deviations at runtime
12
Q

Definitions: Vulnerability, Threat, Attack

A
  • Vulnerability: A flaw in the design, implementation or configuration of a system that makes an attack possible in the first place
  • Threat: A person or other cause that could impair the protection goals
  • Attack: A specific method that exploits a vulnerability