In this video, Alex Sotirov takes us through the basics of how to find security vulnerabilities in software using reverse engineering. He begins the presentation with a quick demo of the ANI bug he discovered on Vista and XP. He then starts with the very basics of reverse engineering and describes the tools he uses: IDA Pro, BinDiff, PaiMei, etc. He then covers the various protection mechanisms built into Vista: /GS stack cookies, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

In the second part of the talk, he describes how he subverted all of these protection mechanisms while finding and exploiting the ANI vulnerability. Along the way he also explains heap spraying techniques and how they are used to exploit memory corruption bugs. He concludes the talk by educating the audience about secure programming techniques and the principles of secure software design. This is a very detailed video and runs for around an hour, but it is definitely worth the time and patience. Highly recommended.
For those of you who are new to reverse engineering, we have created the Assembly Language Primer (13 videos), Buffer Overflow Basics (9 videos) and Format String exploitation (in progress) video series to get you started. You can also refer to the excellent video posted by Dino Dai Zovi on Windows Exploit Programming for additional material on the subject. Enjoy!