nullcon 2010 - Intelligent debugging and in memory fuzzing
•Transferir como PPT, PDF•
2 gostaram•1,483 visualizações
This document discusses intelligent debugging techniques and in-memory fuzzing. It covers attaching processes for debugging, different types of debugging events, concepts of breakpoints like soft, hard and memory breakpoints. It also discusses hooking techniques like soft and hard hooking. The document demonstrates in-memory fuzzing by taking snapshots of processes, allocating memory, mutating data and restoring processes to find bugs. Python libraries for debugging like Pydbg, IDAPython and fuzzing like PeachFuzz, Sulley are also mentioned.
![typedef struct presentation { ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],nullcon Goa 2010 http://nullcon.net](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a nullcon 2010 - Intelligent debugging and in memory fuzzing
Semelhante a nullcon 2010 - Intelligent debugging and in memory fuzzing (20)
Mais de n|u - The Open Security Community
Mais de n|u - The Open Security Community (20)
Último
Último (20)
nullcon 2010 - Intelligent debugging and in memory fuzzing
- 1. Intelligent Debugging and in-memory Fuzzers By Vishwas Sharma Amandeep Bharti Rohan Thakur nullcon Goa 2010 http://nullcon.net
- 4. func Attach/Load { HANDLE WINAPI OpenProcess (Attaching) Return process handler BOOL WINAPI CreateProcess (Loading) One of the output variable is process handler of loaded process BOOL WINAPI DebugActiveProcess Attach to an active process nullcon Goa 2010 http://nullcon.net
- 5. func DebugEvents { BOOL WINAPI WaitForDebugEvent Wait for any debugging event if and when a perticular debugging event is triggered handle the event as you require BOOL WINAPI ContinueDebugEvent Continue Looking for debugging events BOOL WINAPI DebugActiveProcessStop Detach to process from debugging enviornment nullcon Goa 2010 http://nullcon.net
- 6. func DebugEvents { typedef struct _DEBUG_EVENT { DWORD dwDebugEventCode; DWORD dwProcessId; DWORD dwThreadId; union { EXCEPTION_DEBUG_INFO Exception; Event is thrown whenever an exception occurs in the application being debugged. CREATE_THREAD_DEBUG_INFO CreateThread; Event is thrown when thread is created in the process CREATE_PROCESS_DEBUG_INFO CreateProcessInfo; Event is thrown when a process is created EXIT_THREAD_DEBUG_INFO ExitThread; Event is Triggered when Thread Exits EXIT_PROCESS_DEBUG_INFO ExitProcess; Event is Triggered when Process Exits nullcon Goa 2010 http://nullcon.net
- 7. func DebugEvents { LOAD_DLL_DEBUG_INFO LoadDll; Event is thrown when a dll is Loaded UNLOAD_DLL_DEBUG_INFO UnloadDll; Event is thrown when a dll is unloaded OUTPUT_DEBUG_STRING_INFO DebugString; Event occurs when the debugee calls the API call OutputDebugString to send debugging information to a debugger RIP_INFO RipInfo; Event is triggered if your process being debugged dies unexpectedly nullcon Goa 2010 http://nullcon.net
- 17. nullcon Goa 2010 http://nullcon.net
- 19. In-Memory Fuzzing nullcon Goa 2010 http://nullcon.net
- 23. Demo nullcon Goa 2010 http://nullcon.net
- 24. nullcon Goa 2010 http://nullcon.net
- 25. nullcon Goa 2010 http://nullcon.net
- 26. nullcon Goa 2010 http://nullcon.net
- 27. Demo nullcon Goa 2010 http://nullcon.net
- 29. Questions nullcon Goa 2010 http://nullcon.net