Writing Stack Based Overflows on Windows
Results 1 to 3 of 3

Thread: Writing Stack Based Overflows on Windows

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Writing Stack Based Overflows on Windows

    Hey Hey,

    So here's a prime example of what will go in the AO External Tutorial DB when it's finished but until then we'll keep throwing stuff on here..

    http://www.securitycompass.com/Case%20Studies.htm

    Part I Basic Concepts
    Part II - Windows Assembly for writing Exploits
    Part III - Stack Overflows
    Part IV Shell Code Creation and Exploiting An Application Remotely
    Appendix V Source Code Used In Articles

    The articles released this week introduce basic concepts of of memory management, and assembly. Next week the next two articles will be released.
    The articles also have a Mini Exercise section, the solutions for which will be provided on November 20th. If you would like us to put your solution in, please send us an email at articles[a-t]securitycompass.com with the subject solution in it. The best solution shall be published as a link here
    Other articles on this same page include:
    Exploiting And Defending Networks
    Exploiting And Defending Web Applications
    Analyzing Code for Security Defects

    I haven't read it yet, but I plan on looking into it shortly (I have to pass my work day boredom somehow)

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    I have been following this since they released the first chapter a while back. It is a decent write up, but it is not and end all/be all of stack overflows. It does give a great overview in to the world of buffer overflows.

    If you want to go further indepth on this topic then there are a couple of books that I would recommend if you are interested. The first is Buffer Overflow Attacks by James C. Foster and that has Nisha Bhalla (the guy that wrote the short papers linked) as a co-author.

    The other one is also by James Foster and is called Sockets, Shellcode, Porting, and Coding : Reverse Engineering Exploits and Tool Coding for Security Professionals. This one is not directly pertaining to overflows but it gives great insight in to security coding and links very well with the other book.

    The second book is pretty hardcore, and assumes that you have some programming skills. The first one isn't nearly as difficult to follow for the novice programmer though it /does/ have some hard to follow sections

    All in all I say those two books will put you firmly on the course of finding and developing your own overflows. They also will give you a very good foundation for reviewing code in your organization and helping to secure any applications that your company may produce.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  3. #3
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    110
    I read that Sockets, Shellcode, Porting, and Coding : Reverse Engineering Exploits and Tool Coding for Security Professionals a few months ago in Barnes & Noble. It was very very insightful. I never had the money to buy it though. (College student) As soon as I do save up a few I'm sure I'll add that book to my collection though.
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •