Discussions on Malcode


Presentation Transcript


    1. Discussions on Malcode
       Attila Ondi

    2. Introduction
       - Difference between Virus-Worm
         - Infects files / doesn't
         - Requires user interaction / doesn't
         - Not / network-based
       - No common agreement

    3. Writing Malcode
       - Why do people write malcode?
         - Fame or fortune?
       - How do you write a malcode?
         - Choose a platform
           - What is a "platform" from the standpoint of a virus? Turing machine
         - Understand how the platform works
           - Down to the last nuances
         - Make it do what you want
           - Preferably without the knowledge of the user...
       - Multi-platform viruses?

    4. Buffer Overflow
       - What is it?
         - "Smashing the stack for fun and profit" by Aleph One
       - Why is it dangerous?
       - How does it work?
       - How could it be prevented?

    5. Preventing Buffer Overflows
       - Stack/architecture
         - "Canary"
         - Boundary checking
           - Signed/unsigned!
         - Data execution prevention?
       - Dynamic allocation? heap overflow
         - http://www.w00w00.org/files/articles/heaptut.txt
         - http://doc.bughunter.net/buffer-overflow/heap-corruption.html
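As an added illustration of the "boundary checking" and "signed/unsigned!" points on this slide (example code written for this page, not from the presentation), a flawed signed-length guard sits beside a hardened bounded copy; BUF_SIZE and the sample input are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* constructed buffer size for the example */

/* Flawed guard: len is signed, so a negative value slips past the
 * "len > BUF_SIZE" test. The copy that would follow casts len to size_t,
 * turning -1 into a huge length. Modelled as a predicate only, so the
 * example never performs the out-of-bounds write. */
int flawed_guard_accepts(int len) {
    return len <= BUF_SIZE;   /* -1 <= 16 is true: the guard is bypassed */
}

/* Hardened copy: unsigned length, bound checked before any write, one byte
 * reserved for the terminator, result always NUL-terminated. */
int bounded_copy(char dst[BUF_SIZE], const char *src, size_t len) {
    if (src == NULL || len >= BUF_SIZE) {
        return -1;            /* reject: would overflow or drop the terminator */
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

/* Wrapper for callers that still hold a signed length: check the sign
 * explicitly before the cast instead of relying on the comparison. */
int bounded_copy_signed(char dst[BUF_SIZE], const char *src, int len) {
    if (len < 0) {
        return -1;
    }
    return bounded_copy(dst, src, (size_t)len);
}

int main(void) {
    char buf[BUF_SIZE];
    const char *sample = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* constructed 24-byte input */
    printf("flawed guard accepts -1: %d\n", flawed_guard_accepts(-1));
    printf("bounded copy of 24 bytes: %d\n", bounded_copy(buf, sample, strlen(sample)));
    printf("bounded copy of 10 bytes: %d\n", bounded_copy(buf, sample, 10));
    printf("signed wrapper with -1: %d\n", bounded_copy_signed(buf, sample, -1));
    return 0;
}
```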

    6. Preventing BOs (cont.)
       - "Better" language design?
         - Why are there still so many C/C++-based programs?
       - Offset randomization?
         - "On the Effectiveness of Address-Space Randomization" - http://www.stanford.edu/~blp/papers/asrandom.pdf
         - "Returning to %esp (Circumventing the VA kernel patch For Fun and Profit)" - http://www.milw0rm.com/papers/94
       - Best practices
         - Be aware of new attacks
         - Don't trust the user
         - Sanitize your input

    7. Conclusion
       - Defense is harder than attack
         - Attack surface
       - No defense is perfect
         - But (if implemented right) they make the execution of attacks more costly (time/knowledge)
       - The Von Neumann architecture is a double-edged sword
         - Data and instructions are indistinguishable
