Reverse Engineering for exploit writers
1.
Reverse Engineering for exploit writers
Jonathan Brossard, iViZ Research Team
Clubhack 2008, Pune, India
2.
Who Am I? (and why am I writing this??)
We are recruiting! Send me your CVs at: [email_address]
3.
4.
A (short) reminder of the ELF format
©iViZ Techno Solutions Pvt Ltd.
5.
6.
7.
8.
9.
10.
Introducing the problem
Before:
- We know where the Segments are
- We know where the Sections are located
- The application has a symbol table
11.
Introducing the problem
After:
- We know where the Segments are: the loader/dynamic linker can still do their jobs
- We don't know where the Sections start/end
- The application has no symbol table
12.
13.
14.
15.
16.
17.
Refactoring the binary:
- Increase the size of the binary to contain a new Section Header Table
- Modify the ELF Header to point to our new Section Header Table (via e_shoff)
18.
19.
20.
Refactoring the binary
- Allocate (append) and update Section Headers accordingly (don't forget to e_shnum++ in ELF Header).
21.
Refactoring the binary
We can now use the binary with our usual disassemblers using libbfd.
- Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls
- Update this list with labels corresponding to predictable offsets (e.g. main()) and the content of the .dynamic section
- Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary
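The header-table part of the refactoring on slides 17 and 20, as an added example that is not the author's code: it appends a Section Header Table to an ELF64 image and updates e_shoff and e_shnum. Creating one section per PT_LOAD segment is this example's assumption, as are the names rebuild_sht and make_sample and the constructed sample image; the symbol-table step of slide 21 is left out.

```c
#include <elf.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Append a new Section Header Table to a stripped ELF64 little-endian image
 * (host assumed little-endian too). Assumption of this example: one section
 * per PT_LOAD segment. Returns a malloc'd image, or NULL on malformed input. */
unsigned char *rebuild_sht(const unsigned char *in, size_t in_len, size_t *out_len)
{
    Elf64_Ehdr eh;
    if (in_len < sizeof eh) return NULL;
    memcpy(&eh, in, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_ident[EI_DATA] != ELFDATA2LSB || eh.e_phentsize != sizeof(Elf64_Phdr))
        return NULL;
    /* Bounds-check the program header table before walking it. */
    if (eh.e_phoff > in_len ||
        (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > in_len - eh.e_phoff)
        return NULL;
    size_t sht_off = (in_len + 7) & ~(size_t)7;    /* grow the file, 8-byte aligned */
    unsigned char *out = calloc(1, sht_off + (eh.e_phnum + 1u) * sizeof(Elf64_Shdr));
    if (!out) return NULL;
    memcpy(out, in, in_len);
    eh.e_shnum = 1;                                /* entry 0 stays the all-zero null section */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, in + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_offset > in_len || ph.p_filesz > in_len - ph.p_offset) {
            free(out);                             /* segment lies outside the file */
            return NULL;
        }
        Elf64_Shdr sh = { .sh_type = SHT_PROGBITS, .sh_addr = ph.p_vaddr,
                          .sh_offset = ph.p_offset, .sh_size = ph.p_filesz, .sh_addralign = 1,
                          .sh_flags = SHF_ALLOC | (ph.p_flags & PF_W ? SHF_WRITE : 0)
                                                | (ph.p_flags & PF_X ? SHF_EXECINSTR : 0) };
        memcpy(out + sht_off + eh.e_shnum * sizeof sh, &sh, sizeof sh);
        eh.e_shnum++;                              /* one more header appended */
    }
    eh.e_shoff = sht_off;                          /* ELF header now points at the new table */
    eh.e_shentsize = sizeof(Elf64_Shdr);
    eh.e_shstrndx = SHN_UNDEF;                     /* no section name table yet */
    memcpy(out, &eh, sizeof eh);
    *out_len = sht_off + eh.e_shnum * sizeof(Elf64_Shdr);
    return out;
}

/* Constructed sample (not a real program): ELF header, two PT_LOAD program
 * headers and 13 filler bytes, with e_shoff and e_shnum left at zero. */
unsigned char *make_sample(size_t *len)
{
    Elf64_Ehdr eh = { .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS64, ELFDATA2LSB },
                      .e_type = ET_EXEC, .e_machine = EM_X86_64, .e_phnum = 2,
                      .e_phoff = sizeof(Elf64_Ehdr), .e_phentsize = sizeof(Elf64_Phdr) };
    Elf64_Phdr ph[2] = {
        { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_vaddr = 0x400000,
          .p_offset = 0, .p_filesz = 184, .p_align = 0x1000 },
        { .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_vaddr = 0x6000b8,
          .p_offset = 184, .p_filesz = 5, .p_align = 0x1000 } };
    unsigned char *img = calloc(1, *len = 189);
    if (!img) return NULL;
    memcpy(img, &eh, sizeof eh);
    memcpy(img + sizeof eh, ph, sizeof ph);
    return img;
}
```

The resulting sections are unnamed (e_shstrndx is SHN_UNDEF) and only as fine-grained as the segments, so tools that select sections by name, such as .text, still need a section name table and finer boundaries.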
22.
23.
24.
25.
26.
27.
28.
29.
30.