IDS Evasion Design Tricks for Buffer Overflow Exploits

Black Hat via YouTube

Overview

Explore advanced techniques for evading Intrusion Detection Systems (IDS) when designing buffer overflow exploits in this 40-minute Black Hat Europe 2001 conference talk by Anders Ingeborn. Delve into concepts such as mismanaged bounds checks, size restrictions, and double injection methods. Learn how to find socket descriptors, calculate return addresses, and handle function calls effectively. Examine practical scenarios, including server exploitation through initial and secondary payloads. Gain insights into restoring internal registers, understanding the benefits of these techniques, and potential IDS countermeasures. Enhance your knowledge of exploit development and security vulnerabilities while considering the ethical implications and defensive strategies against such attacks.

Syllabus

Intro
Brief reminder
Simple illustration
Mismanaged bounds check
Size restrictions?
250 bytes example
Another design concept
Double injection
How to find descriptor
"Might" be possible?
Correct return address?
Pop another frame
Situation #1 illustrated
Calculate return address
Function calls
Why do they look like this?
Clean return requirement
Server
Initial injection
First payload
Find socket descriptor
Using the socket
Second payload
Still using the same socket
Finding return address
Code
Restore internal registers
Summary
Benefits
IDS Countermeasures
Other countermeasures
Questions?

Taught by

Black Hat
