Government Security
Network Security Resources

Jump to content

Photo

Buffer Overflow Primer Videos


  • Please log in to reply
7 replies to this topic

#1 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 24 April 2009 - 08:35 AM

Hello All,

Hope you liked the Assembly Language Primer series I made before this. I will be adding a couple of more videos to it soon.
In the meantime wanted to get started with some real fun -

Buffer Overflow Primer Videos

In this video series we will take an in-depth look into Buffer Overflow attacks - how they work and how to exploit them.
I made the first video in the series today - a 30 minute session.

Buffer Overflow Primer Part 1 (Smashing the Stack)

In this video we will look at how the program stack can be corrupted by a buffer overflow, how the EIP can be made to point at an arbitrary location in code as a consequence and how one can exploit such a condition.

http://www.securityt...ack)-video.aspx

Lots more videos to come in this series.


Comments and Feedback welcome!

#2 Ariyan

Ariyan

    Private First Class

  • Members
  • 25 posts

Posted 24 April 2009 - 10:47 PM

My Net Speed Is Very Slow Can You Reupload A place Until I Download Via Internet Download Accelerator

Tnx In Anyware

#3 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 25 April 2009 - 08:18 AM

My Net Speed Is Very Slow Can You Reupload A place Until I Download Via Internet Download Accelerator

Tnx In Anyware


The videos will be up on the site forever. So take your time to download them - also SecurityTube allows download managers, so should not be a problem.

#4 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 25 April 2009 - 08:20 AM

Hello All,

Here are the next 2 videos in the Buffer Overflow Primer Series:

2. Writing Shellcode - we will take a very simple case of converting the exit() syscall into shellcode

http://securitytube....ode)-video.aspx


3. Executing Shellcode - we will look at how to write a simple C program to test the shellcode we wrote in the previous video


http://securitytube....ode)-video.aspx



Many more to come in this series!

#5 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 30 April 2009 - 03:53 AM

Hello All,

Next 2 videos in this series are online now:

4. Disassembling Execve:

In this video we will look at how to invoke execve in assembly.

http://securitytube....cve)-video.aspx

5. Creating Shellcode for Execve:

In thie video we will look at how to create shellode for invoking the execve syscall.

http://securitytube....cve)-video.aspx

More videos to come in this series!

Comments and Feedback welcome!

#6 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 05 May 2009 - 07:54 AM

Hello All,

I just completed a couple of more videos in this series. So here goes:

6. Exploiting a vulnerable program:

In this video we will understand how to overwrite the stack with our shellcode and exploit a vulnerable program.

http://securitytube....ram)-video.aspx


7. Demo of an actual exploitation:

This will consist of a demo of an actual exploitation based on the theory learnt in the previous video.

http://securitytube....emo)-video.aspx



8. Return to Libc theory:

2.6 kernel onwards the stack was made Non-Executable, thus rendering the tradional buffer overflow attacks useless. In this video we will understand how we can subvert this protection using a technique called "Return to Libc"

http://securitytube....ory)-video.aspx



9. Demo of exploiting using Return to Libc:

This will consist of an actual demo by using a vulnerable program.

http://securitytube....emo)-video.aspx




Comments and Feedback welcome!

#7 rama

rama

    Private First Class

  • Members
  • 57 posts

Posted 22 May 2009 - 05:52 AM

Hello All,

Just wanted to add 2 more videos on Advanced Buffer Overflow techniques:

1. Exploiting Buffer Overflows on systems with linux kernel without ASLR

http://securitytube....ASLR-video.aspx

2. Exploiting Buffer Overflows on systems with ASLR enabled in the kernel using a Brute Force on the Stack

http://securitytube....ayer-video.aspx

These videos have been made by BlackLight from http://blacklight.gotdns.org/ .


Enjoy!

#8 ashish771

ashish771

    Private

  • Members
  • 10 posts

Posted 03 March 2012 - 05:19 AM

Btw, SecurityTube now offers professional certifications for Wireless, Metasploit etc. and also gives our free course material to universities for use: http://securitytube-training.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users