Curiosity is insubordination in its purest form. -Vladimir Nabokov

sábado, 26 de noviembre de 2011

Exploit exercises Ya tengo diversion.

About Exploit Exercises provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering.

Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at

SUID files
Race conditions
Shell meta-variables
$PATH weaknesses
Scripting language weaknesses
Binary compilation failures
At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.

Protostar introduces the following in a friendly way:

Network programming
Byte order
Handling sockets
Stack overflows
Format strings
Heap overflows
The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode. Address Space Layout Randomisation and Non-Executable memory has been disabled.

Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as:

Address Space Layout Randomisation
Position Independent Executables
Non-executable Memory
Source Code Fortification (_DFORTIFY_SOURCE=)
Stack Smashing Protection (ProPolice / SSP)
In addition to the above, there are a variety of other challenges and things to explore, such as:

Cryptographic issues
Timing attacks
Variety of network protocols (such as Protocol Buffers and Sun RPC)
At the end of Fusion, the participant will have a through understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations.

A disfrutar.

Related Posts by Categories