DVL 1.5 has now left planning status. Bug Fixing started!

Some new additions: Lazarus IDE, ArgoUML, BlueJ, Firefox plugins updated. The DVL Wargame is making progress as well!

 
DVL 1.5 now in planning status
DVL 1.5 now has the status "planning". Besides this, we are working on the concept for 2008: more information, more training and better videos (those which are 100% related to DVL). Stay tuned!
 
IT Security Training






VMWare Player

Get the free VMWare Player!
Damn Vulnerable Linux is prepared to run under VMWare player!

Welcome to Damn Vulnerable Linux, your free IT security training environment provided by IITAC - International Institute - Your place for IT Security Training & Auditing!
 

BinExploitMe - Lesson 1: A Simple Buffer Overflow
In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a breach of system security. A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data. Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.
Date: 2007-08-24 20:29:23 - Added by: Schneider
Views: 1335 - Votes: 1 - Rating: 5
 
The DVL Project Presentation Video
This presentation was held at a university workshop and gives a brief overview on DVL and its future.
Date: 2007-08-24 16:30:05 - Added by: Schneider
Views: 692 - Votes: 0 - Rating: 0
 
Ten Slides on... Trusted Computing
Trusted Computing is a technology developed and promoted by the Trusted Computing Group (TCG). The term is taken from the field of trusted systems and has a specialized meaning.
Date: 2007-08-24 16:25:42 - Added by: Schneider
Views: 284 - Votes: 0 - Rating: 0
 
Ten Slides on... ASLR - Address Space Layout Randomization
Address space layout randomization (ASLR) is a computer security technique which involves arranging the positions of key data areas, usually including the base of the executable and the positions of libraries, heap, and stack, randomly in a process's address space. Address space randomization hinders some types of security attack by preventing an attacker from easily predicting target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to first find the stack. In both cases, the related memory addresses are obscured from the attackers; these values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.
Date: 2007-08-24 16:24:20 - Added by: Schneider
Views: 262 - Votes: 0 - Rating: 0
 
Basic Introduction to GDB
This eLecture gives some basic introduction to GDB and its usage. The GNU Debugger, usually called just GDB, is the standard debugger for the GNU software system. It is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, and FORTRAN. GDB offers extensive facilities for tracing and altering the execution of computer programs. The user can monitor and modify the values of programs' internal variables, and even call functions independently of the program's normal behavior.
Date: 2007-08-24 16:21:31 - Added by: Schneider
Views: 670 - Votes: 0 - Rating: 0
 
Introduction to HLA Assembly Language Video
The Art of Assembly Language Programming (AoA), Randy Hyde's acclaimed text on assembly language programming, is the most-often recommended book on 80x86 assembly language programming in newsgroups, on web sites, and by word of mouth. The Art of Assembly Language Programming assumes that the reader already knows at least one high level programming language like Visual BASIC, C/C++, Java, or Pascal/Delphi. If you understand the basics of computer programming, you're ready to learn assembly language programming!
Date: 2007-08-24 16:19:03 - Added by: Schneider
Views: 413 - Votes: 0 - Rating: 0
 
DVL Strychnine+e605 Trailer
Damn Vulnerable Linux Strychnine+e605 completes the IT security perspectives. This release includes all necessary tools, binary vulnerabilities and web vulnerabilities.
Date: 2007-08-24 16:12:37 - Added by: Schneider
Views: 475 - Votes: 1 - Rating: 5
 
Cracking 128 Bit WEP-Key in one minute
WEP is part of the IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.
Date: 2007-08-24 16:07:15 - Added by: Schneider
Views: 903 - Votes: 2 - Rating: 5
 
Hello World to the Boomerang Decompiler
This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. However, a general decompiler does not attempt to reverse every action of the compiler; rather, it transforms the input program repeatedly until the result is high level source code. It therefore won't recreate the original source file; probably nothing like it. It does not matter if the executable file has symbols or not, or was compiled from any particular language. (However, declarative languages like ML are not considered.)
Date: 2007-08-24 16:04:11 - Added by: Schneider
Views: 590 - Votes: 1 - Rating: 5
 

DVL Project Tracker

DVL 1.5 (Infectious Disease)

100 %

References

  • IITAC - International Institute (Certification and Training)
  • University of Bielefeld, Germany, Technical Faculty
  • Leibniz University of Hannover, Germany (Secure Software Development Lecture)
  • University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
  • East Tennessee State University, U.S. (Ethical Hacking Class)
  • University of the Basque Country, Spain (Computer Security Class)
  • University of Florida, U.S. (Student Infosec Team)
  • Institute Superieur Maritim, Algeria

License


License for Damn Vulnerable Linux distribution

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.


License for training material including all texts, audios and videos

This work is licensed under a Creative Commons NonCommercial Sampling Plus 1.0 License.