SlideShare uma empresa Scribd logo

Reverse Engineering for exploit writers

Transferir como PPS, PDF
A
amiable_indian
TecnologiaNegócios
1 de 30
Reverse Engineering for exploit writers Jonathan Brossard, iViZ Research Team Clubhack 2008 Pune, India
Who Am I ? (and why am I writing this ??) We are recruting ! Send me your CVs at : [email_address]
Roadmap ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format A (short) reminder of the ELF format ©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Introducing the problem ,[object Object],©iViZ Techno Solutions Pvt Ltd.
- We know where the Segments are - We know where the Sections are located - The application has a symbol table ©iViZ Techno Solutions Pvt Ltd. Introducing the problem Before :
After : ©iViZ Techno Solutions Pvt Ltd. Introducing the problem - We know where the Segments are : the loader/dynamic linker can still do their jobs - We don’t know where the Sections start/end - The application has no symbol table
Introducing the problem ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Introducing the problem ,[object Object],©iViZ Techno Solutions Pvt Ltd.
How (not) to work with proprietary binaries anyway ? ,[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],[object Object],[object Object],How (not) to work with proprietary binaries anyway ? ©iViZ Techno Solutions Pvt Ltd.
What to rebuild ? ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Increase the size of the binary to contain a new Section Header Table Modify the ELF Header to point to our new Section Header Table (via e_shoff) ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary :
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Allocate (append) and update Section Headers accordingly (don’t forget to e_shnum++ in ELF Header). ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
We can now use the binary with our usual disassemblers using libbfd. Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls Update this list with labels corresponding to predictable offsets (eg: main()) and the content of the .dynamic section Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring in practice ,[object Object],©iViZ Techno Solutions Pvt Ltd.
Conclusion ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Greetings ,[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],©iViZ Techno Solutions Pvt Ltd.

Recomendados

Introduction to C programming
Introduction to C programmingIntroduction to C programming
Introduction to C programmingKathmandu University
 
C programming language
C programming languageC programming language
C programming languageMaha lakshmi
 
Programming in C Basics
Programming in C BasicsProgramming in C Basics
Programming in C BasicsBharat Kalia
 
Advanced C Language for Engineering
Advanced C Language for EngineeringAdvanced C Language for Engineering
Advanced C Language for EngineeringVincenzo De Florio
 
Introduction to c
Introduction to cIntroduction to c
Introduction to camol_chavan
 
C programming
C programmingC programming
C programmingRounak Samdadia
 
Basic C Programming language
Basic C Programming languageBasic C Programming language
Basic C Programming languageAbhishek Soni
 
COM1407: Introduction to C Programming
COM1407: Introduction to C Programming COM1407: Introduction to C Programming
COM1407: Introduction to C Programming Hemantha Kulathilake
 

Recomendados

Introduction to C programming
Introduction to C programmingIntroduction to C programming
Introduction to C programmingKathmandu University
 
C programming language
C programming languageC programming language
C programming languageMaha lakshmi
 
Programming in C Basics
Programming in C BasicsProgramming in C Basics
Programming in C BasicsBharat Kalia
 
Advanced C Language for Engineering
Advanced C Language for EngineeringAdvanced C Language for Engineering
Advanced C Language for EngineeringVincenzo De Florio
 
Introduction to c
Introduction to cIntroduction to c
Introduction to camol_chavan
 
C programming
C programmingC programming
C programmingRounak Samdadia
 
Basic C Programming language
Basic C Programming languageBasic C Programming language
Basic C Programming languageAbhishek Soni
 
COM1407: Introduction to C Programming
COM1407: Introduction to C Programming COM1407: Introduction to C Programming
COM1407: Introduction to C Programming Hemantha Kulathilake
 
C PROGRAMMING
C PROGRAMMINGC PROGRAMMING
C PROGRAMMINGStalongiles Philip
 
Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 FocJAYA
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming languageKumar Gaurav
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingMOHAMAD NOH AHMAD
 
C language introduction
C language introduction C language introduction
C language introduction musrath mohammad
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingAmr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
C language programming
C language programmingC language programming
C language programmingpullarao29
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerGaurav Verma
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdpPradeep Kumar TS
 
C programming part1
C programming part1C programming part1
C programming part1Gaddam Kowshik
 
C programming tutorial for beginners
C programming tutorial for beginnersC programming tutorial for beginners
C programming tutorial for beginnersThiyagarajan Soundhiran
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1SURBHI SAROHA
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of Ceducationfront
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1srmohan06
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C LanguageMohamed Elsayed
 
C languaGE UNIT-1
C languaGE UNIT-1C languaGE UNIT-1
C languaGE UNIT-1Malikireddy Bramhananda Reddy
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questionsadarshynl
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programminggajendra singh
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,Hossain Md Shakhawat
 
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...nullthreat
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
Share point 2010 roadmap
Share point 2010 roadmapShare point 2010 roadmap
Share point 2010 roadmapctc TrainCanada
 

Mais conteúdo relacionado

Mais procurados

Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 FocJAYA
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming languageKumar Gaurav
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingMOHAMAD NOH AHMAD
 
C language programming
C language programmingC language programming
C language programmingpullarao29
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerGaurav Verma
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdpPradeep Kumar TS
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1SURBHI SAROHA
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of Ceducationfront
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1srmohan06
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C LanguageMohamed Elsayed
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questionsadarshynl
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programminggajendra singh
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,Hossain Md Shakhawat
 

Mais procurados (19)

C PROGRAMMING
C PROGRAMMINGC PROGRAMMING
C PROGRAMMING
 
Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 Foc
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming language
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C Programming
 
C language introduction
C language introduction C language introduction
C language introduction
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C Programming
 
C language programming
C language programmingC language programming
C language programming
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontroller
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdp
 
C programming part1
C programming part1C programming part1
C programming part1
 
C programming tutorial for beginners
C programming tutorial for beginnersC programming tutorial for beginners
C programming tutorial for beginners
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of C
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C Language
 
C languaGE UNIT-1
C languaGE UNIT-1C languaGE UNIT-1
C languaGE UNIT-1
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questions
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programming
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,
 

Destaque

Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...nullthreat
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
Share point 2010 roadmap
Share point 2010 roadmapShare point 2010 roadmap
Share point 2010 roadmapctc TrainCanada
 
Gemtalk Product Roadmap
Gemtalk Product RoadmapGemtalk Product Roadmap
Gemtalk Product RoadmapESUG
 
Technical roadmap 2015 - Nuxeo Tour 2014
Technical roadmap 2015 - Nuxeo Tour 2014Technical roadmap 2015 - Nuxeo Tour 2014
Technical roadmap 2015 - Nuxeo Tour 2014Nuxeo
 
Metalnox Product Overview
Metalnox Product OverviewMetalnox Product Overview
Metalnox Product OverviewDan Barefoot
 
Open Data Center Alliance Workgroups, Usage Models and Roadmap Structure
Open Data Center Alliance Workgroups, Usage Models and Roadmap StructureOpen Data Center Alliance Workgroups, Usage Models and Roadmap Structure
Open Data Center Alliance Workgroups, Usage Models and Roadmap StructureOpen Data Center Alliance
 
WSO2 Quarterly Technical Update
WSO2 Quarterly Technical UpdateWSO2 Quarterly Technical Update
WSO2 Quarterly Technical UpdateWSO2
 
Mobile ECM: Using the Nuxeo Platform from mobile devices
Mobile ECM: Using the Nuxeo Platform from mobile devicesMobile ECM: Using the Nuxeo Platform from mobile devices
Mobile ECM: Using the Nuxeo Platform from mobile devicesNuxeo
 
Product Release Road-map Guide
Product Release Road-map GuideProduct Release Road-map Guide
Product Release Road-map GuideBim Akinfenwa
 
Savanna - Elastic Hadoop on OpenStack
Savanna - Elastic Hadoop on OpenStackSavanna - Elastic Hadoop on OpenStack
Savanna - Elastic Hadoop on OpenStackSergey Lukjanov
 
Roadmap for successful IT budgeting
Roadmap for successful IT budgetingRoadmap for successful IT budgeting
Roadmap for successful IT budgetingAbsoft Limited
 
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in india
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in indiaMr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in india
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in indiadhaval2929
 
New Products - Template and Roadmap Best Practices
New Products - Template and Roadmap Best PracticesNew Products - Template and Roadmap Best Practices
New Products - Template and Roadmap Best Practicessarjanacoid
 
Introduction to GreenTouch
Introduction to GreenTouchIntroduction to GreenTouch
Introduction to GreenTouchgreentouch-org
 
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...Puppet
 
Change Presented ad A Project Roadmap: Infographic Template
Change Presented ad A Project Roadmap: Infographic TemplateChange Presented ad A Project Roadmap: Infographic Template
Change Presented ad A Project Roadmap: Infographic Templatedmdk12
 
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...Puppet
 

Destaque (20)

Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
Louisville Infosec - Metasploit Class - Fuzzing and Exploit Development with ...
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysis
 
Share point 2010 roadmap
Share point 2010 roadmapShare point 2010 roadmap
Share point 2010 roadmap
 
Gemtalk Product Roadmap
Gemtalk Product RoadmapGemtalk Product Roadmap
Gemtalk Product Roadmap
 
Technical roadmap 2015 - Nuxeo Tour 2014
Technical roadmap 2015 - Nuxeo Tour 2014Technical roadmap 2015 - Nuxeo Tour 2014
Technical roadmap 2015 - Nuxeo Tour 2014
 
Metalnox Product Overview
Metalnox Product OverviewMetalnox Product Overview
Metalnox Product Overview
 
Open Data Center Alliance Workgroups, Usage Models and Roadmap Structure
Open Data Center Alliance Workgroups, Usage Models and Roadmap StructureOpen Data Center Alliance Workgroups, Usage Models and Roadmap Structure
Open Data Center Alliance Workgroups, Usage Models and Roadmap Structure
 
WSO2 Quarterly Technical Update
WSO2 Quarterly Technical UpdateWSO2 Quarterly Technical Update
WSO2 Quarterly Technical Update
 
Mobile ECM: Using the Nuxeo Platform from mobile devices
Mobile ECM: Using the Nuxeo Platform from mobile devicesMobile ECM: Using the Nuxeo Platform from mobile devices
Mobile ECM: Using the Nuxeo Platform from mobile devices
 
Product Release Road-map Guide
Product Release Road-map GuideProduct Release Road-map Guide
Product Release Road-map Guide
 
Savanna - Elastic Hadoop on OpenStack
Savanna - Elastic Hadoop on OpenStackSavanna - Elastic Hadoop on OpenStack
Savanna - Elastic Hadoop on OpenStack
 
Roadmap for successful IT budgeting
Roadmap for successful IT budgetingRoadmap for successful IT budgeting
Roadmap for successful IT budgeting
 
Windows azure overview
Windows azure overviewWindows azure overview
Windows azure overview
 
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in india
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in indiaMr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in india
Mr. Ravi Shankar Gopal | Roadmap for growth in nonwovens industry in india
 
New Products - Template and Roadmap Best Practices
New Products - Template and Roadmap Best PracticesNew Products - Template and Roadmap Best Practices
New Products - Template and Roadmap Best Practices
 
Introduction to GreenTouch
Introduction to GreenTouchIntroduction to GreenTouch
Introduction to GreenTouch
 
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...
PuppetConf 2016: A Roadmap for a Platform: Mixing Metaphors for Fun and Profi...
 
Asap roadmap
Asap roadmapAsap roadmap
Asap roadmap
 
Change Presented ad A Project Roadmap: Infographic Template
Change Presented ad A Project Roadmap: Infographic TemplateChange Presented ad A Project Roadmap: Infographic Template
Change Presented ad A Project Roadmap: Infographic Template
 
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...
PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management a...
 

Semelhante a Reverse Engineering for exploit writers

Aspect-oriented programming in Perl
Aspect-oriented programming in PerlAspect-oriented programming in Perl
Aspect-oriented programming in Perlmegakott
 
Safetty systems intro_embedded_c
Safetty systems intro_embedded_cSafetty systems intro_embedded_c
Safetty systems intro_embedded_cMaria Cida Rosa
 
Compilation and Execution
Compilation and ExecutionCompilation and Execution
Compilation and ExecutionChong-Kuan Chen
 
(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_netNico Ludwig
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
 
Os Worthington
Os WorthingtonOs Worthington
Os Worthingtonoscon2007
 
Introduction to Assembly Language
Introduction to Assembly Language Introduction to Assembly Language
Introduction to Assembly Language ApekshaShinde6
 
Assembly language programming(unit 4)
Assembly language programming(unit 4)Assembly language programming(unit 4)
Assembly language programming(unit 4)Ashim Saha
 
Build your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesBuild your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesMartin Czygan
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshopjulien pauli
 

Semelhante a Reverse Engineering for exploit writers (20)

7986-lect 7.pdf
7986-lect 7.pdf7986-lect 7.pdf
7986-lect 7.pdf
 
Aspect-oriented programming in Perl
Aspect-oriented programming in PerlAspect-oriented programming in Perl
Aspect-oriented programming in Perl
 
Safetty systems intro_embedded_c
Safetty systems intro_embedded_cSafetty systems intro_embedded_c
Safetty systems intro_embedded_c
 
Compilation and Execution
Compilation and ExecutionCompilation and Execution
Compilation and Execution
 
Readme
ReadmeReadme
Readme
 
Embedded C.pptx
Embedded C.pptxEmbedded C.pptx
Embedded C.pptx
 
Lecture 01 2017
Lecture 01 2017Lecture 01 2017
Lecture 01 2017
 
(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net
 
A Life of breakpoint
A Life of breakpointA Life of breakpoint
A Life of breakpoint
 
C notes.pdf
C notes.pdfC notes.pdf
C notes.pdf
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
Dotnet basics
Dotnet basicsDotnet basics
Dotnet basics
 
Os Worthington
Os WorthingtonOs Worthington
Os Worthington
 
Technical Interview
Technical InterviewTechnical Interview
Technical Interview
 
Unit 2 ppt
Unit 2 pptUnit 2 ppt
Unit 2 ppt
 
Introduction to Assembly Language
Introduction to Assembly Language Introduction to Assembly Language
Introduction to Assembly Language
 
C# tutorial
C# tutorialC# tutorial
C# tutorial
 
Assembly language programming(unit 4)
Assembly language programming(unit 4)Assembly language programming(unit 4)
Assembly language programming(unit 4)
 
Build your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesBuild your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resources
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshop
 

Mais de amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commonsamiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentestersamiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyamiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Codingamiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissectedamiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentationamiable_indian
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization amiable_indian
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Timeamiable_indian
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics? amiable_indian
 
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-TellingNo Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Tellingamiable_indian
 

Mais de amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-TellingNo Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
 

Último

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

Reverse Engineering for exploit writers

  • 1. Reverse Engineering for exploit writers Jonathan Brossard, iViZ Research Team Clubhack 2008 Pune, India
  • 2. Who Am I ? (and why am I writing this ??) We are recruting ! Send me your CVs at : [email_address]
  • 3.
  • 4. A (short) reminder of the ELF format A (short) reminder of the ELF format ©iViZ Techno Solutions Pvt Ltd.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10. - We know where the Segments are - We know where the Sections are located - The application has a symbol table ©iViZ Techno Solutions Pvt Ltd. Introducing the problem Before :
  • 11. After : ©iViZ Techno Solutions Pvt Ltd. Introducing the problem - We know where the Segments are : the loader/dynamic linker can still do their jobs - We don’t know where the Sections start/end - The application has no symbol table
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Increase the size of the binary to contain a new Section Header Table Modify the ELF Header to point to our new Section Header Table (via e_shoff) ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary :
  • 18.
  • 19.
  • 20. Allocate (append) and update Section Headers accordingly (don’t forget to e_shnum++ in ELF Header). ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
  • 21. We can now use the binary with our usual disassemblers using libbfd. Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls Update this list with labels corresponding to predictable offsets (eg: main()) and the content of the .dynamic section Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.