
Software Security : From school to reality and back!

Presentation for University Komenskeho (Slovakia), covering an introduction to software security, with connections to knowledge learned at school!

zer0mem

May 22, 2015

Transcript

  1. #outline
    * terminology
    * hacker-hats
    * From school
    * tools
    * competitions
    * progress
    * references
  2. Programming?
    * Program: transformation of a question / task into a math-logic problem
    * Code: a smart calculator based on sequences of reads and writes
    * Performance: how smart you build the logic of your calculator
  3. hacker
    http://en.wikipedia.org/wiki/Hacker
    Hacker (term) is a term used in computing that can describe several types of persons:
    1. Hacker (computer security): someone who seeks and exploits weaknesses in a computer system or computer network
    2. Hacker (hobbyist): who makes innovative customizations or combinations of retail electronic and computer equipment
    3. Hacker (programmer subculture): who combines excellence, playfulness, cleverness and exploration in performed activities
  4. vulnerability
    http://en.wikipedia.org/wiki/Vulnerability_(computing)
    In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
  5. exploitation
    http://en.wikipedia.org/wiki/Exploit_(computer_security)
    An exploit (from the English verb to exploit, meaning "using something to one's own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause *UNINTENDED OR UNANTICIPATED BEHAVIOR* to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
  6. Exploitation [??? guys]
    ▪ Hunt vulnerabilities
      – Write fuzzers, checkers, support tools …
      – Use 0days for their own reasons: cyber weapons, spying …
    ▪ Invent / copy methodologies
      – Misuse a hole in a protection mechanism for attack!
      – Do 0day business with 3rd parties
      – Keep their research private
  7. Exploitation [good guys]
    ▪ Hunt vulnerabilities
      – Write fuzzers, checkers, support tools …
      – Report to vendors & cooperate on the fix
    ▪ Invent new methodologies
      – To uncover weaknesses of current protection mechanisms
      – Cooperate on effective mitigations
      – Share research with the community for faster improvement
  8. Attack chain
    Attack vector:
      • Social engineering
      • Vulnerability
    Proactive solution: killing 0days! Prevents automatic installation of malware.
    If the proactive step fails: cure the after-effects by dissecting the malware. A targeted attack has already won at this point!
  9. ... It is all about bugs ...
    ▪ We are humans and we make mistakes
    ▪ Many bugs in code, especially in a large codebase
    ▪ The OS introduces many defensive mechanisms to effectively mitigate techniques for exploiting bugs
    ▪ What every programmer should know
      – Algorithms
      – Design problems & principles
      – CPU & memory (& at least a basic understanding of your compiler)
      – Vulnerability classes
      – Mitigation techniques
      – Auditing tools
  10. Algorithms [RP, Tvorba efekt. algo.]
    ▪ Most of the time you will not re-implement binary trees, Fibonacci heaps, flow algorithms …
    ▪ But algorithmic thinking helps you find a way to solve given problems effectively
    ▪ It teaches you out-of-the-box thinking
    ▪ BUT, it can also push you into the corners!
    ▪ Always keep in mind: PERFORMANCE > SECURITY is a very *very* bad idea
    ▪ First think about design, optimize later!
    https://www.topcoder.com/community/data-science/data-science-tutorials/
  11. Design [Programovanie (3)]
    ▪ OOP is a very effective way to build complex systems
    ▪ Reuse code, modularity, abstraction
    ▪ Keep clean code, descriptive naming, simple single-purpose functions
    ▪ Keep focus on language features and their newest development!
    ▪ Design patterns can help / show you a generalization of the problem
    ▪ But design patterns are *not* the solution for everything
    ▪ Think about design patterns and use them when appropriate
    ▪ Good design leads to easier maintenance, refactoring & review
    https://sourcemaking.com/design_patterns
    http://www.stroustrup.com/C++11FAQ.html
  12. MEMORY & CPU [Principy pocitacov]
    ▪ Understand memory & CPU
      – How data is stored
      – Instructions – assembler
        ▪ x86, ARM
    ▪ Understand "program -> compiler -> assembly"
      – Variables
      – Functions
      – Loops & calls
    https://www.recurse.com/blog/5-learning-c-with-gdb
    https://www.recurse.com/blog/7-understanding-c-by-learning-assembly
    http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
  13. SAT Solvers [FOJA, Algebra]
    ▪ Magic black box with the right answer
      – Boolean Satisfiability Problem
    ▪ Based on Boolean algebra
    ▪ NP-complete, but some optimizations are used
    ▪ Appropriate & smart formulation of the problem (or part of the problem) helps in fuzzers and exploitation as well
    ▪ Competition of SAT solvers!
    http://www.quarkslab.com/dl/StHack2015-Dynamic-Behavior-Analysis-using-Binary-Instrumentation-Jonathan-Salwan.pdf
    https://github.com/0vercl0k/z3-playground/blob/master/hackingweek-reverse400_z3.py
    http://en.wikipedia.org/wiki/Boolean_satisfiability_problem
    http://www.satcompetition.org/
  14. VULNERABILITY: Bubble sort!
    As signed numbers can represent NEGATIVE numbers, they lose a range of positive numbers that can only be represented with unsigned numbers of the same size (in bits), because roughly half the possible values are non-positive (so if an 8-bit value is signed, the positive unsigned values 128 to 255 are gone while -128 to 127 are present). Unsigned variables can dedicate all the possible values to the positive number range.
    https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx
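The slide only states the signed/unsigned range difference; the following is an added example (not code from the deck or its author) showing how that difference turns a bubble-sort routine with a signed element count into a memory-safety bug, and what the hardened version looks like. The buffer size MAX_ITEMS, the function names and the sample input are all constructed for this example. It goes one step beyond the slide by also covering the `n - 1` underflow that an unsigned length has when `n == 0`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ITEMS 8   /* size of the fixed buffer we sort into (constructed for this example) */

/* Admission check as it is often written: the count is signed and only the
 * upper bound is tested, so a negative count slips through (-1 <= 8 is true). */
static bool accept_count_vulnerable(int count) {
    return count <= MAX_ITEMS;
}

/* The copy loop that usually follows compares a size_t index with the int
 * count ("i < count"); the usual arithmetic conversions turn -1 into SIZE_MAX,
 * so the loop would write far past the buffer. This helper only reports the
 * bound such a loop would run to; it performs no copy. */
static size_t loop_bound_after_conversion(int count) {
    return (size_t)count;
}

/* Hardened check: reject negative counts before any unsigned comparison. */
static bool accept_count_fixed(int count) {
    return count >= 0 && count <= MAX_ITEMS;
}

/* Bubble sort over an unsigned length. "i + 1 < n" is used instead of
 * "i < n - 1": with size_t n == 0, n - 1 wraps to SIZE_MAX and the loop
 * would index past the array. */
static void bubble_sort(int *a, size_t n) {
    for (size_t i = 0; i + 1 < n; i++) {
        for (size_t j = 0; j + 1 < n - i; j++) {
            if (a[j] > a[j + 1]) {
                int t = a[j];
                a[j] = a[j + 1];
                a[j + 1] = t;
            }
        }
    }
}

/* Validated entry point: copies `count` items of untrusted input into a
 * fixed buffer of MAX_ITEMS and sorts them. Returns the number of items
 * sorted, or -1 when the count is rejected. */
static int sort_input_fixed(const int *input, int count, int *out) {
    if (!accept_count_fixed(count))
        return -1;
    size_t n = (size_t)count;   /* safe: count is known to be >= 0 here */
    for (size_t i = 0; i < n; i++)
        out[i] = input[i];
    bubble_sort(out, n);
    return count;
}

int main(void) {
    int input[] = {42, -7, 19, 3, 0};   /* constructed sample input */
    int out[MAX_ITEMS];
    int n = sort_input_fixed(input, 5, out);
    for (int i = 0; i < n; i++)
        printf("%d ", out[i]);
    printf("\n");
    printf("vulnerable check accepts -1: %s\n",
           accept_count_vulnerable(-1) ? "yes" : "no");
    printf("loop bound for -1 after conversion: %zu\n",
           loop_bound_after_conversion(-1));
    printf("fixed check accepts -1: %s\n",
           accept_count_fixed(-1) ? "yes" : "no");
    return 0;
}
```

The point to take from the two checks is that the signedness bug is not in the sort itself but in the comparison that guards it: a single `count >= 0` test, placed before the value ever meets a `size_t`, closes it, and compiling with `-Wsign-compare` (GCC and Clang) flags the mixed-sign comparison that the vulnerable variant relies on.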
  15. Some of hardening
    ▪ Stack canaries
    ▪ Memory allocation randomization
    ▪ Memory object separation
    ▪ DEP ("I want exec" vs. "Those are data")
  16. SELF-learning
    For ever and ever the best approach
    *DO SPORT* – keep a balanced body and mind, essential for creative ideas ;)
    HARD work – push 110% into everything in your life (learning, sport, work, study, …)
  17. #whoami
    * Peter Hlavaty - @zer0mem
    * GJH (2004-2008)
    * Matfyz (2008-2010)
    * ESET (2010-2014)
    * KEEN (2014-…)
    * Conferences (…)
    * Lectures (…)
    * Pwn Events (...)
    Feel free to contact me, I will try to help (with some delay +- :)
  18. tweets
    ▪ @aionescu
    ▪ @Ivanlef0u
    ▪ @K33nTeam
    ▪ @binitamshah
    ▪ @taviso
    ▪ @team509
    ▪ @mdowd
    ▪ @d_olex
    ▪ @grsecurity
    ▪ @kernelpool
    ▪ @gynvael
    ▪ @j00ru
    ▪ @lcamtuf
    ▪ @0verl0ck
    ▪ @matrosov
    ▪ @vxradius
    ▪ @trimosx
    ▪ @solardiz
  19. References - tools
    editor:
      http://www.vim.org/
      https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx
      http://www.sublimetext.com/
    re:
      https://inguma.eu/projects/bokken
      http://www.radare.org/r/
      http://www.capstone-engine.org/
      http://www.windbg.org/
      https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx
      http://www.gnu.org/software/gdb/
      http://lldb.llvm.org/
    virtual:
      https://www.virtualbox.org/
      http://bochs.sourceforge.net/
      http://wiki.qemu.org/Main_Page
    tools:
      http://www.farmanager.com/
      http://www.hiew.ru/
      http://conemu.github.io/
      https://www.cygwin.com/
      https://github.com/Z3Prover/z3
      http://rise4fun.com/z3/tutorial
      http://www.capstone-engine.org/
      https://github.com/
      https://technet.microsoft.com/sk-sk/sysinternals/bb896653
  20. References - events
    http://ctf.codegate.org/
    https://ctf.0ops.sjtu.cn/
    https://legitbs.net/
    http://ghostintheshellcode.com/
    http://play.plaidctf.com/
    https://ctf.dragonsector.pl/
    https://github.com/ctfs/write-ups-2015/
    http://uva.onlinejudge.org/
    https://www.topcoder.com/community/data-science/data-science-tutorials/
    https://arena.topcoder.com/#/a/home
    http://zenit.edu.sk/
    https://www.ksp.sk/
    http://people.ksp.sk/~acm/welcome.php