Buffer Overflow Attacks: Detect, Exploit, Prevent

 

The SANS Institute maintains a list of the “Top 10 Software Vulnerabilities.” At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation. Continue reading “Buffer Overflow Attacks: Detect, Exploit, Prevent” »

Malware Unpacking With Ollydbg

dexter_packed

For years, malware take advantage of packers to protect themselves against reverse analysis and AV detection. Third party packers such as UPX, PECompact, Aspack, etc. were being used by malware for years to somehow evade antivirus detection and make reversing difficult . However, due to the fact that these are available tools, AV companies and reversers where able to study them and thus malwares packed with such third party packers can be easily unpacked these days. Today however, malware using a so called hacker-packer is proliferating. Unlike packers such as UPX, hacker-packer tools are not readily available. They are sold and distributed usually underground. Continue reading “Malware Unpacking With Ollydbg” »

Malware Unpacking With Ollydbg

dexter_packed

For years, malware take advantage of packers to protect themselves against reverse analysis and AV detection. Third party packers such as UPX, PECompact, Aspack, etc. were being used by malware for years to somehow evade antivirus detection and make reversing difficult . However, due to the fact that these are available tools, AV companies and reversers where able to study them and thus malwares packed with such third party packers can be easily unpacked these days. Today however, malware using a so called hacker-packer is proliferating. Unlike packers such as UPX, hacker-packer tools are not readily available. They are sold and distributed usually underground. Continue reading “Malware Unpacking With Ollydbg” »