Improving Software Security Analysis using Exploitation Properties

Abstract:

Reliable exploitation of software vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the majority of the mitigations that exist today lack universal bypass techniques, it has become more fruitful to take the latter approach. It is in this vein that this paper introduces the concept of exploitation properties and describes how they can be used to better understand the exploitability of a system irrespective of a particular vulnerability. Perceived exploitability is of utmost importance to both an attacker and to a defender given the presence of modern mitigations. The ANI vulnerability (MS07-017) is used to help illustrate these points by acting as a simple example of a vulnerability that may have been more easily identified as code that should have received additional scrutiny by taking exploitation properties into consideration.

---

• Introduction
• Exploitation Properties
  • Platform Properties
  • Process Properties
  • Module Properties
    • No Support for ASLR
    • No Support for SafeSEH
  • Function Properties
    • Absence of GuardStack
    • Partial Overwrite Feasibility
    • Function or Parent Registers an Exception Handler
    • Function is an Exception Handler
  
  
• Case Study: MS07-017
  • Background
  • Detection
  • Test Case
  • Results
  
  
• Potential Uses
• Future Work
• Conclusion
• Bibliography
• About this document ...

---

Network Security Data Visualization

| View | Upload your own

What Every Engineer Needs to Know About Web Security and Where to Learn It

Presenter: Neil Daswani



This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security. Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, we discuss how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain. Finally, we present some statistics on the current state of software security vulnerabilities, and discuss existing and upcoming challenges in the field of software security.

How to Break Web Software

Presenter: Mike Andrews



Mike Andrews looks at how web applications are attacked, walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.

Analysis of Compromised Linux Server

These slides demonstrate the process used to analyze a compromised (hacked) Linux Server.

| View | Upload your own

How not to get hacked!

The common ways that web applications can be attacked and what you need to do to prevent it.

| View | Upload your own

Tactical Exploitation - Black Hat USA 2007

| View | Upload your own