SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Format String Vulnerabilities Primer (Part 1 The Basics)
In this video series we will cover Format String Vulnerabilities in detail. The prerequisite for this series is Assembly Language and Buffer Overflow basics. If you are not familiar with these topics, please go through the detailed Assembly Language Primer for Hackers and Buffer Overflow Primer for Hackers video series which I have created.
In this first video of the series, we will understand the basics of format strings and format functions. Format functions such as Printf, Sprintf etc. belong to a class of functions called Variadic functions, which are capable of taking variable number of arguments. These functions rely on the format string passed to them, to decide the number of input arguments and their data types. Format string vulnerabilities happen when this format string passed to these functions is controlled by user input. In this video we will look at a simple case where information leakage happens due to a format string vulnerability being present. In the next video we will look at the program stack to undertstand how arguments are fetched by the format functions and why this makes them vulnerable to attack.
In this first video of the series, we will understand the basics of format strings and format functions. Format functions such as Printf, Sprintf etc. belong to a class of functions called Variadic functions, which are capable of taking variable number of arguments. These functions rely on the format string passed to them, to decide the number of input arguments and their data types. Format string vulnerabilities happen when this format string passed to these functions is controlled by user input. In this video we will look at a simple case where information leakage happens due to a format string vulnerability being present. In the next video we will look at the program stack to undertstand how arguments are fetched by the format functions and why this makes them vulnerable to attack.
Related Videos from: Format String Vulnerabilities Primer for Hackers
.jpg) | .jpg) | .jpg) | .jpg) | ||
You are Viewing this Video Now! | |||||
5846 views | 3659 views | 3544 views | 2452 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |