Overview
Syllabus
Intro
Attack Theory
Entry -vs- Effect
Injection Vector
Injector/Payload Pairs
Types of Injection
Who writes Injector Code?
How hard can it hit?
Buffer Overflow Injection
Challenges
Stack Injection
Address Housekeeping
Stack Overflow
Little and Big Endian
Where to put the payload
Confined Payload
Using more stack for payload
Large payload, Lowland address
A register points to the stack
Call thru a Register
Push a register then return
NOP Sled
Trespassing the HEAP
Overwrite the VTABLE
Overwrite VTABLE
Getting Bearings
XOR Protection
XOR again to decode
Hardcoded Function Calls
Pros/Cons to hard coding
Dynamic Function Loading
HASH Loading
Check CRCs
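The outline above names "Little and Big Endian", "XOR Protection" and "XOR again to decode" without explaining them. The following is an added example, not course material from the page or its instructor: it packs a 32-bit address in little-endian order as an x86 stack overflow would need it, then picks a single-byte XOR key so that an encoded payload contains none of the bytes that would break delivery (0x00, 0x0a, 0x0d, 0x20 here), and shows that XORing a second time restores the original. The payload bytes and the bad-byte list are constructed for the demo, not taken from any real exploit.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Write a 32-bit value in little-endian byte order (the x86 convention):
 * 0xbffff6d8 becomes the bytes d8 f6 ff bf. */
static void le32(uint32_t v, uint8_t out[4]) {
    out[0] = (uint8_t)(v);
    out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16);
    out[3] = (uint8_t)(v >> 24);
}

/* True if byte b is one the injection vector cannot carry. */
static int is_bad(uint8_t b, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < nbad; i++)
        if (bad[i] == b) return 1;
    return 0;
}

/* Search for a one-byte XOR key such that neither the key itself nor any
 * encoded payload byte is a bad byte. Returns the key (1..255) or -1. */
static int pick_xor_key(const uint8_t *payload, size_t n,
                        const uint8_t *bad, size_t nbad) {
    for (int k = 1; k < 256; k++) {
        if (is_bad((uint8_t)k, bad, nbad)) continue;
        int ok = 1;
        for (size_t i = 0; i < n; i++) {
            if (is_bad(payload[i] ^ (uint8_t)k, bad, nbad)) { ok = 0; break; }
        }
        if (ok) return k;
    }
    return -1;
}

/* XOR every byte with key. The same call decodes, since x ^ k ^ k == x. */
static void xor_buf(const uint8_t *in, size_t n, uint8_t key, uint8_t *out) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key;
}

/* Encode with a chosen key, verify the encoded form is free of bad bytes,
 * decode again and confirm the round trip is lossless. Returns 1 on success,
 * 0 if no key works or anything mismatches; stores the key in *key_out. */
static int xor_roundtrip_clean(const uint8_t *payload, size_t n,
                               const uint8_t *bad, size_t nbad, int *key_out) {
    uint8_t enc[256], dec[256];
    if (n > sizeof enc) return 0;
    int k = pick_xor_key(payload, n, bad, nbad);
    if (k < 0) return 0;
    xor_buf(payload, n, (uint8_t)k, enc);
    for (size_t i = 0; i < n; i++)
        if (is_bad(enc[i], bad, nbad)) return 0;
    xor_buf(enc, n, (uint8_t)k, dec);
    if (key_out) *key_out = k;
    return memcmp(payload, dec, n) == 0;
}

/* Constructed sample payload: arbitrary bytes that include a NUL, newline,
 * carriage return and space, the classic bytes a strcpy/gets/scanf-style
 * vector will truncate on or mangle. Not a real shellcode. */
static const uint8_t sample_payload[] = { 0x31, 0xc0, 0x00, 0x0a, 0x0d, 0xff, 0x20 };
static const uint8_t sample_bad[]     = { 0x00, 0x0a, 0x0d, 0x20 };

int main(void) {
    uint8_t addr[4];
    le32(0xbffff6d8u, addr);
    printf("return address as written to the stack: %02x %02x %02x %02x\n",
           addr[0], addr[1], addr[2], addr[3]);

    int key;
    if (xor_roundtrip_clean(sample_payload, sizeof sample_payload,
                            sample_bad, sizeof sample_bad, &key))
        printf("xor key 0x%02x: encoded payload has no bad bytes and decodes cleanly\n", key);
    else
        puts("no single-byte key avoids every bad byte; use a multi-byte key or a different encoder");
    return 0;
}
```

In a real injector the decoder loop (the "XOR again") must itself be made of clean bytes and must know where the encoded payload sits, which is what the "Getting Bearings" step in the outline is about; the search above only answers whether a one-byte key exists at all.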
Taught by
Black Hat