Exploring and Exploiting the SQLite

Exploring and Exploiting the SQLite

Hack In The Box Security Conference via YouTube Direct link

Differences from Google's (1)

12 of 31

12 of 31

Differences from Google's (1)

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Exploring and Exploiting the SQLite

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Tencent Blade Team
  3. 3 Agenda
  4. 4 The Magellan 2.0
  5. 5 Vulnerabilities or Bugs Found by the Fuzzer
  6. 6 Auditing Strategies: Blobs
  7. 7 Auditing Strategies: The memory operations
  8. 8 Auditing Strategies: Special Commands
  9. 9 Shadow Tables
  10. 10 Structure-Aware Fuzzing
  11. 11 How the Fuzzer is Implemented
  12. 12 Differences from Google's (1)
  13. 13 Raw Data
  14. 14 Generated Testcase
  15. 15 Preparations
  16. 16 Initial Queries of the Fuzzer
  17. 17 The Structure opdata_16
  18. 18 Example of Translating Opcode to Query
  19. 19 Table Selector and Column Selector
  20. 20 SQL Operation Selector
  21. 21 Get Data from Data Provider
  22. 22 Run Generated SQL Queries
  23. 23 Bypass the Defense-In-Depth
  24. 24 It's a Little Bit' Tough
  25. 25 Let's Make Some Fake Objects
  26. 26 Stabilize the Heap and the RCE
  27. 27 Get Uninitialized Heap Data
  28. 28 Overwrite the sqlite3Config
  29. 29 Set the Memory Page to RWX
  30. 30 Restore the Stack
  31. 31 Conclusion

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.