SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SECURITY BOOTCAMP 2012 | Make yourself to be an expert!
Nguyễn Chấn Việt | [email protected]
Software Exploitation

Who am I
Senior Security Researcher
+4 years in Information Security. Focusing on Malware Analysis and Exploit Development
Twitter : https://twitter.com/vietwow

Why study this?
This is real security. NOT Security+, CEH, CISSP, …
Firewall, IDS/IPS, AV … cannot detect/prevent
HOT jobs:
– Application Security/Pentest
– Exploit Development
Bug Hunting : Vupen wins 1 million dollars with Chrome exploit from Google offer

Vulnerability Finding
Phase 1:
– Fuzzing / Reverse Engineering (Black-box)
– Source code audit (White-box)
Phase 2:
– Exploit Development => We are here
Phase 3:
– $ell
– To be Anonymous/LulzSec

Requirements
x86 Assembly
C/C++
Understand the OS primer and how functions work
Use debugger tools
Scripting language (Python preferred)

Tools
IDA / IDA Pro
OllyDBG / Immunity Debugger
GDB
WinDBG
Metasploit

Stack Buffer Overflow in Action
Senior Security Researcher
Initial stack memory
After entering the string “Hello”
Stack memory after the overflow

Classical method
Direct EIP overwrite: simply overwrite EIP with the address of the shellcode => when the function finishes, the CPU jumps to the shellcode address and executes it
=> Only applicable in the 1990s

Some problems
Bad character => encode shellcode
Limited-size buffer => egg-hunter shellcode
Shifting stack pointer: makes our exploit more reliable, because some stack operations in the program will sometimes corrupt the shellcode
– add esp, xxxx

Exploit Mitigation Techniques

/GS
Compiler protection mechanism
Inserts a random value, called a cookie, before the buffer on the stack
When the program finishes, the value is checked; if it has changed, the program is killed immediately

Memory Layout
(1) Without Cookie: Parameters, Return Address, Frame Pointer, Locals

Memory Layout
(1) Without Cookie: Parameters, Return Address, Frame Pointer, Locals
(2) MSVC++ 2003: the same frame (Parameters, Return Address, Frame Pointer, Locals) with a Cookie added
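
The cookie check described above, modelled in C as an added example (not code from the slides). The frame layout used here (local buffer, cookie, saved frame pointer, return address, from low to high address) and all constants are assumptions of the model; a real cookie is random and the check is emitted by the compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame, low to high address (assumed layout for this model):
 * 16-byte local buffer | cookie | saved frame pointer | return address. */
enum { BUF_LEN = 16, COOKIE_OFF = 16, FP_OFF = 20, RET_OFF = 24, FRAME_LEN = 28 };

struct frame { unsigned char mem[FRAME_LEN]; };

static void put32(unsigned char *p, uint32_t v) { memcpy(p, &v, sizeof v); }

static uint32_t get32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Prologue: store the cookie next to the saved values. */
static void frame_enter(struct frame *f, uint32_t cookie, uint32_t fp, uint32_t ret)
{
    memset(f->mem, 0, FRAME_LEN);
    put32(f->mem + COOKIE_OFF, cookie);
    put32(f->mem + FP_OFF, fp);
    put32(f->mem + RET_OFF, ret);
}

/* The modelled bug: a copy into the local buffer with no check against
 * BUF_LEN. It is clamped to FRAME_LEN only so the model stays memory-safe. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n)
{
    memcpy(f->mem, src, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Runs one call with n input bytes. Returns 0 if the call returns through the
 * original return address, 1 if the epilogue cookie check stops it, and
 * 2 if a changed return address would be used (no cookie check). */
int simulate_call(size_t n, int use_cookie)
{
    const uint32_t cookie = 0x5EC0DE42u;                 /* constructed; real cookies are random */
    const uint32_t fp = 0x0012FF80u, ret = 0x00401234u;  /* constructed values */
    unsigned char input[FRAME_LEN];
    struct frame f;

    memset(input, 'A', sizeof input);
    frame_enter(&f, cookie, fp, ret);
    unchecked_copy(&f, input, n);

    if (use_cookie && get32(f.mem + COOKIE_OFF) != cookie)
        return 1;   /* the real runtime terminates the process here */
    return get32(f.mem + RET_OFF) == ret ? 0 : 2;
}

int main(void)
{
    static const size_t sizes[] = { 5, 16, 17, 28 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%2zu bytes: with cookie -> %d, without -> %d\n", sizes[i],
               simulate_call(sizes[i], 1), simulate_call(sizes[i], 0));
    return 0;
}
```

A one-byte overrun (17 bytes) already trips the check, well before the copy reaches the saved return address.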

Bypass /GS
Compiler protection mechanism
Inserts a random value, called a cookie, between the saved EBP and RET
When the program finishes, the value is checked; if it has changed, the program is killed immediately

Bypass /GS
SEH - “Structured Exception Handling” is the Windows exception-handling mechanism

    int test(void)
    {
        __try {
            // Exception may occur here
        }
        __except (EXCEPTION_EXECUTE_HANDLER) {
            // This handles the exception
        }
        return 0;
    }

Memory Layout (3)

Bypass /GS
Because SEH is triggered before the program finishes => this means our exploit runs before the program finishes (and checks the cookie)
To exploit this, we have to cause an exception, then “force” the application to jump to our shellcode (instead of jumping, by default, to the real exception handler function)

Bypass /GS

ASLR
OS protection mechanism
The principle is that the OS randomizes addresses in memory such as the stack, heap, … (except the text section) => so we cannot search for the addresses we need, such as the shellcode address, function addresses, …

Bypass ASLR
Bruteforce: only feasible on 32-bit systems
Non ASLR: Return-to-esp, Return-to-eax
Heap Spray

Bypass ASLR
Return-to-esp:
– Overwrite the RET address with the address of a “JMP ESP” (FF E4) or “CALL ESP” instruction
– Place the shellcode right after RET
=> When the function finishes, the “JMP ESP” / “CALL ESP” instruction is executed, so the shellcode right after it is executed

Bypass ASLR
Return-to-eax:
– This method is used in cases where the EAX register is used to store the return value; EAX then points to the buffer, so we only need to put the shellcode in the buffer, then find a “jmp eax” instruction and overwrite RET with it

Bypass ASLR
Heapspray:
– Instead of returning to the stack, with the way today's browsers work, we can return to the heap
– We “spray” shellcode in many places on the heap
– With this technique, we do not need to care about encoding the shellcode because all characters are “allowed” by JavaScript

DEP / NX
OS protection mechanism
The principle is that the OS marks memory pages as non-executable => shellcode placed on the stack or the heap cannot execute

Bypass DEP / NX
Return-to-glibc
– The .text/.code section is always executable => instead of pointing to shellcode, we can point to functions in glibc or to instructions in the program itself

Bypass DEP / NX
Return-to-glibc
– Chained return-to-glibc can be done by combining it with POP-POP-RET

Bypass DEP / NX
Return-to-glibc
– On Windows, the old DEP mechanism can easily be disabled by the Windows API “NtSetInformationProcess” through the return-to-glibc technique

Permanent DEP
An improved version of DEP
DEP cannot be changed (disabled) once it has been set

Bypass Permanent DEP
Return Oriented Programming (ROP)
– An extension of the return-to-glibc technique
– Based on the return-to-glibc technique and “borrowed code chunks” => return to instructions in the text/code section
– ESP is the key (instead of EIP)
Payload Already Inside: Data re-use for ROP Exploits – Long Le Dinh

Other Vulnerability?
Format String
Integer Overflow
– Bypass checking
– Possible memory corruption
Race Condition
Use-after-free

Format String
Stems from using format strings incorrectly

    printf("%d", number);
    printf(number);

How do they differ?

Format String
Lets an attacker “view” stack memory using %x
Lets an attacker write a value to an arbitrary memory location using %n

Format String
No RET => how do we take control?
– Overwrite the .dtors section
– Overwrite the GOT table
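
An added example (not from the slides) answering the "how do they differ" question from the defender's side: the same untrusted text rendered as data and as the format string, plus an audit helper that counts conversion specifications in untrusted input. `render_safe`, `render_as_format` and `scan_format` are hypothetical names, and both sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form: untrusted text is only ever the argument of "%s". */
int render_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* The form the slide asks about: untrusted text used as the format string.
 * Compilers flag this call; the warning is silenced here only to show it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_as_format(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);
}
#pragma GCC diagnostic pop

struct fmt_scan { int directives; int writes; };

/* Audit helper: counts conversion specifications in untrusted text.
 * "%%" is a literal percent sign; `writes` counts %n conversions. */
struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = { 0, 0 };
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }
        s += strspn(s, "-+ #0123456789.*$hlLjzt");   /* flags, width, precision, length */
        if (*s == '\0')
            break;
        r.directives++;
        if (*s == 'n')
            r.writes++;
        s++;
    }
    return r;
}

int main(void)
{
    /* Constructed inputs. The first contains only "%%", which consumes no
     * arguments, so it is well-defined to pass through both functions. */
    const char *benign = "100%% sure";
    const char *hostile = "%08x.%08x.%n";   /* scanned only, never formatted */
    char a[32], b[32];

    render_safe(a, sizeof a, benign);
    render_as_format(b, sizeof b, benign);
    printf("as data  : %s\nas format: %s\n", a, b);

    struct fmt_scan r = scan_format(hostile);
    printf("hostile input: %d directives, %d writes\n", r.directives, r.writes);
    return 0;
}
```

The fix is the constant `"%s"` format; the scanner is for auditing logs or inputs, not a substitute for it.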

Use-after-free
Modern race condition for browser
Objects in memory
– Replacing objects in memory on the fly
– Replacing them with user-controlled strings

Use-after-free
Example: a class with 3 members and 3 methods

    class vuln
    {
        int number1, number2, number3;
        void func1() { /* … */ }
        void func2() { /* … */ }
        void func3() { /* … */ }
    };

Use-after-free
In memory:

    VTABLE  ----> FPTR1 ----------> code
    NUMBER1       FPTR2 ----------> code
    NUMBER2       FPTR3 ----------> code
    NUMBER3

Use-after-free
If we create 2 instances of that class:

    b   VTABLE  ----> FPTR1 ----------> code
        NUMBER1       FPTR2 ----------> code
        NUMBER2       FPTR3 ----------> code
        NUMBER3
    a   VTABLE  ----> FPTR1 ----------> code
        NUMBER1       FPTR2 ----------> code
        NUMBER2       FPTR3 ----------> code
        NUMBER3

Vtable overwrite
When we do:
– strcpy(b.number3, argv[1]);
– a.method2();
=> If we input data larger than the size of number3, we can overwrite other data

Use-after-free
Back to use-after-free:
– x = new ABC()
– y = clone(x)
– destroy(x)
– y.method2()

Use-after-free
x = new ABC():
– x VTABLE
– MEMBER1
– MEMBER2
– MEMBER3
– MEMBER4

Use-after-free
y = clone(x):
– y pointer -----> x VTABLE
– MEMBER1
– MEMBER2
– MEMBER3
– MEMBER4

Use-after-free
destroy(x)
y.method2():
– y VTABLE
– MEMBER1
– MEMBER2
– MEMBER3
– MEMBER4

Use-after-free
Idea: if, right after x is destroyed, we can input data (quickly enough) of exactly the memory size of object x, we will successfully overwrite the vtable of object x
– y pointer -----> 41414141
– AAAA
– AAAA
– AAAA
– AAAA
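
The sequence on the last few slides, replayed against a toy slot allocator as an added example (not code from the slides), next to the defence: handles that carry a generation counter, so a reference kept past destroy(x) is refused instead of reading the slot's new contents. The allocator, `pool_alloc`, `vtable_checked` and every constant are hypothetical and constructed for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy allocator: 20-byte slots (vtable pointer + 4 members, as on the slide). */
enum { SLOTS = 4, SLOT_SIZE = 20 };
static const uint32_t VTABLE_ABC = 0x00ABC000u;   /* constructed stand-in for a vtable address */
struct pool {
    unsigned char mem[SLOTS][SLOT_SIZE];
    uint32_t gen[SLOTS];    /* bumped each time the slot is freed */
    int used[SLOTS];
};
struct handle { int idx; uint32_t gen; };

/* First free slot wins, so a freed slot is the next one handed out. */
struct handle pool_alloc(struct pool *p, const void *init, size_t n)
{
    for (int i = 0; i < SLOTS; i++) {
        if (p->used[i]) continue;
        p->used[i] = 1;
        memset(p->mem[i], 0, SLOT_SIZE);
        memcpy(p->mem[i], init, n < SLOT_SIZE ? n : SLOT_SIZE);
        return (struct handle){ i, p->gen[i] };
    }
    return (struct handle){ -1, 0 };
}
void pool_free(struct pool *p, struct handle h) { p->used[h.idx] = 0; p->gen[h.idx]++; }

/* Raw-pointer behaviour: reads the slot's first 4 bytes, whoever owns it now. */
uint32_t vtable_unchecked(const struct pool *p, struct handle h)
{
    uint32_t v;
    memcpy(&v, p->mem[h.idx], sizeof v);
    return v;
}

/* Hardened access: refuses a handle whose slot was freed after it was issued. */
int vtable_checked(const struct pool *p, struct handle h, uint32_t *out)
{
    if (h.idx < 0 || h.idx >= SLOTS || !p->used[h.idx] || p->gen[h.idx] != h.gen)
        return -1;
    *out = vtable_unchecked(p, h);
    return 0;
}

/* Replays the slide's sequence; *rejected is 1 if the checked path refused y. */
uint32_t replay(int *rejected)
{
    struct pool p = { 0 };
    unsigned char fill[SLOT_SIZE];
    uint32_t v = 0;
    memset(fill, 'A', sizeof fill);
    struct handle x = pool_alloc(&p, &VTABLE_ABC, sizeof VTABLE_ABC); /* x = new ABC() */
    struct handle y = x;                    /* y = clone(x): second reference */
    pool_free(&p, x);                       /* destroy(x) */
    pool_alloc(&p, fill, sizeof fill);      /* same-size data reuses the slot */
    *rejected = vtable_checked(&p, y, &v) != 0;
    return vtable_unchecked(&p, y);         /* what a raw dangling pointer would see */
}

int main(void)
{
    int rejected;
    uint32_t seen = replay(&rejected);
    return printf("unchecked read: %08x, stale handle rejected: %d\n", (unsigned)seen, rejected) < 0;
}
```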

0day vs 1day Vulnerability
Reverse Engineering Patch for finding Vulnerability

Learning More?
Ebooks:
– The Art of Exploitation
– The Shellcoder's Handbook: Discovering and Exploiting Security Holes
– Grey Hat Hacking - Ethical Hackers Handbook
– Nghệ thuật tận dụng lỗi phần mềm - NamNT
Sites:
– https://www.corelan.be
– http://resources.infosecinstitute.com/

Learning More?
Training Courses
Wargames:
– Online: http://www.overthewire.org/wargames/
– Offline: exploit-exercises
Capture The Flag:
– CSAW
– HITB
– Defcon
– …

Exploit Listing Sites
Exploit-DB
Injector
CVE Details
Packetstorm
CERT
Mitre
National Vulnerability Database
Common Weakness Enumeration

Any Questions?

Thank you very much!