Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
malicious code malicious code

Malicious Code Malicious Code for Fun and Profit for Fun and - PowerPoint PPT Presentation

Mar 14, 2023 •206 likes •1.16k views

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

  1. Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005

  2. What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, … Code that breaks your security policy. Attack vector Characteristics Payload Spreading algorithm 10 March 2005 Mihai Christodorescu 2

  3. Outline Outline • Attack Vectors • Payloads • Spreading Algorithms • Case Studies 10 March 2005 Mihai Christodorescu 3

  4. Attack Vectors Attack Vectors • Social engineering “Make them want to run it.” • Vulnerability exploitation “Force your way into the system.” • Piggybacking “Make it run when other programs run.” 10 March 2005 Mihai Christodorescu 4

  5. Social Engineering Social Engineering • Suggest to user that the executable is: – A game. – A desirable picture/movie. – An important document. – A security update from Microsoft. – A security update from the IT department. • Spoofing the sender helps. 10 March 2005 Mihai Christodorescu 5

  6. Outline Outline • Attack Vectors: � Social Engineering � Vulnerability Exploitation � Piggybacking • Payloads • Spreading Algorithms • Case Studies 10 March 2005 Mihai Christodorescu 6

  7. Vulnerability Exploitation Vulnerability Exploitation • Make use of flaws in software input handling. • Sample techniques: – Buffer overflow attacks. – Format string attacks. – Return-to-libc attacks. – SQL injection attacks. 10 March 2005 Mihai Christodorescu 7

  8. Buffer Basic Principles Basic Principles Overflows A buffer overflow occurs when data is stored past the boundaries of an array or a string. The additional data now overwrites nearby program variables. Result: Attacker controls or takes over a currently running process. 10 March 2005 Mihai Christodorescu 8

  9. Buffer Example Example Overflows Expected input: \\hostname\path void process_request( char * req ) { // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } 10 March 2005 Mihai Christodorescu 9

  10. Buffer Example Example Overflows Expected input: \\hostname\path void process_request( char * req ) { // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... process_request( “\\tux12\usr\foo.txt” ); ⇒ � OK return; } 10 March 2005 Mihai Christodorescu 10

  11. Buffer Example Example Overflows Expected input: \\hostname\path void process_request( char * req ) { // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... process_request( “\\tux12\usr\foo.txt” ); ⇒ � OK return; process_request( “\\aaabbbcccdddeeefffggghhh\bar” ); ⇒ � BAD } 10 March 2005 Mihai Christodorescu 11

  12. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. void process_request( char * req ) { // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } 10 March 2005 Mihai Christodorescu 12

  13. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() void process_request( char * req ) { process_request() // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } strcpy() 10 March 2005 Mihai Christodorescu 13

  14. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() void process_request( char * req ) { process_request() // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } strcpy() 10 March 2005 Mihai Christodorescu 14

  15. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() arg: req eq void process_request( char * req ) { process_request() // Get hostname char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } strcpy() 10 March 2005 Mihai Christodorescu 15

  16. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); ... return; } strcpy() 10 March 2005 Mihai Christodorescu 16

  17. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; } strcpy() 10 March 2005 Mihai Christodorescu 17

  18. Buffer Program Stack Program Stack Overflows A stack frame per procedure call. main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; } local: pos pos strcpy() 10 March 2005 Mihai Christodorescu 18

  19. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; } local: pos pos 10 March 2005 Mihai Christodorescu 19

  20. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; } local: pos pos 7 10 March 2005 Mihai Christodorescu 20

  21. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; t } local: pos pos 7 10 March 2005 Mihai Christodorescu 21

  22. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; t u } local: pos pos 7 10 March 2005 Mihai Christodorescu 22

  23. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; t u x } local: pos pos 7 10 March 2005 Mihai Christodorescu 23

  24. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; t u x 1 } local: pos pos 7 10 March 2005 Mihai Christodorescu 24

  25. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... 2 return; t u x 1 } local: pos pos 7 10 March 2005 Mihai Christodorescu 25

  26. Buffer Normal Execution Normal Execution Overflows process_request( “\\tux12\usr\foo.txt” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... 2 \0 return; t u x 1 } local: pos pos 7 10 March 2005 Mihai Christodorescu 26

  27. Buffer Overflow Execution Overflow Execution Overflows process_request( “\\aaabbbcccdddeeefffggghhhiiijjj\bar” ); main() arg: req eq void process_request( char * req ) { return address process_request() // Get hostname frame pointer char host[ 20 ]; int pos = find_char( req, ‘\\’, 2 ); strcpy( host, substr( req, 2, pos – 1 ) ); local: host host ... return; } local: pos pos 32 10 March 2005 Mihai Christodorescu 27

Recommend

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 29 March 2007 SYN Cookies (contd) SYN Cookies (contd) SYN cookies are particular choices of initial TCP sequence numbers

870 views • 62 slides
Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer Vienna University of Technology Alessandro Di Federico Politecnico di Milano Federico Maggi Politecnico di Milano Paolo Milani Comparetti Vienna

570 views • 27 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain EUROCRYPT 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

1.11k views • 57 slides
Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

ITS335 Malicious Software Malicious Software Propagation Payload Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October

677 views • 30 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain TPMPC 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

927 views • 69 slides
Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads

Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads

2005-10-12 Malicious Code an Increasing Problem Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads universitet DAV C19 Applied Security 2 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Media

444 views • 7 slides
Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke

Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke

Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 Hans Christian Rpke Chair for System Security 1 Introduction 2 Malicious Code in SDN 3 Access Control in SDN 4 Conclusions Software-Defined Networks|Horst Grtz

421 views • 19 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often masquerades as good software or attaches itself to good software Some malicious programs need host programs Trojan horses, logic bombs, viruses

628 views • 40 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

719 views • 38 slides
{Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code}

{Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code}

{Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code} {Sequential Code} {MapReduce Code} for (int i=0; i < $in.size(); ++i) { if ($in.get(i) > $c) $out.add($in.get(i)); } for (int i=0; i <

375 views • 33 slides
CURRENT ISSUES OF MALICIOUS DOMAINS BLOCKING Tuesday 9 th April, 2019 Stanislav paek Martin

CURRENT ISSUES OF MALICIOUS DOMAINS BLOCKING Tuesday 9 th April, 2019 Stanislav paek Martin

CURRENT ISSUES OF MALICIOUS DOMAINS BLOCKING Tuesday 9 th April, 2019 Stanislav paek Martin Latovika, Martin Hork and Tom Plesnk Introduction Malicious Domains Attackers may register their own domains May host phishing

429 views • 19 slides
Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

OWASP T urkey - Uygulama Gvenlii Gn Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci Siber Gvenlik Dernei ali@ikinci.info 9 June 2012 Turkey About Me Working on Malicious Web Sites

506 views • 31 slides
Spoiled Onions: Exposing Malicious Tor Exit Relays Philipp Winter, Richard K ower, Martin

Spoiled Onions: Exposing Malicious Tor Exit Relays Philipp Winter, Richard K ower, Martin

Spoiled Onions: Exposing Malicious Tor Exit Relays Philipp Winter, Richard K ower, Martin Mulazzani , Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, Edgar Weippl Outline This talk is about: Detecting malicious Tor exit relays

524 views • 31 slides
PlatPal: Detecting Malicious Documents with Platform Diversity Meng Xu and Taesoo Kim Georgia

PlatPal: Detecting Malicious Documents with Platform Diversity Meng Xu and Taesoo Kim Georgia

PlatPal: Detecting Malicious Documents with Platform Diversity Meng Xu and Taesoo Kim Georgia Institute of Technology 1 Malicious Documents On the Rise 2 3 4 Adobe Components Exploited Element parser JavaScript engine 137 CVEs in 2015

889 views • 62 slides
An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon

An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon

An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon Timms Dr. Osmar Zaiane Cmput 410 Introduction As we enter full force into the information age more and more of our lives involves utilizing the

306 views • 14 slides
www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information

www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information

www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information Sharing and Analysis Centers Presidential Decision Directive-63 (PDD-63), signed May 22, 1998 The federal government asked each critical

543 views • 20 slides
Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki Mirosaw Maj NASK / CERT Polska 20th FIRST Annual Conference,

771 views • 37 slides
Security Innovation The Israeli Eco System National Risk Management & Innovation REFAEL

Security Innovation The Israeli Eco System National Risk Management & Innovation REFAEL

Second Annual Event Encouraging Digital Security Innovation The Israeli Eco System National Risk Management & Innovation REFAEL FRANCO Deputy Director General Head of Robustness Division CERT IL 3 Israel cyber eco system Israeli CERT

1.02k views • 52 slides
Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the

Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the

Secure application development with AOP Nils Durner <ndurner@web.de> 1 Outline of the talk Introduction to Aspect Oriented Programming Examples for uses of AOP for security AOP & Memory safety Future work 2 What is

870 views • 59 slides
Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cambridge Centre for Risk Studies Advisory Board Research Showcase 24 January 2017 Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies Largest Cyber Data Exfiltration Event: Yahoo August 2013

296 views • 18 slides
CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital Forensics Expert Founder Skynet Secure Solutions , skynetsecure.com Email : Sachin@skynetsecure.com Phone : 91- 9867700095 Web Conference Security

828 views • 11 slides
Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J.

Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J.

Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J. Alex Halderman University of Michigan Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric HTTPS and TLS How does HTTPS and the CA ecosystem

451 views • 24 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.