buffer
play

Buffer Overflow overflows Defenses and other memory safety - PowerPoint PPT Presentation

Dec 12, 2023 •433 likes •2.41k views

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks & other vulnerabilities Overflow defenses Everything youve always wanted to know about

  1. Whence the gadgets? • How can we find gadgets to construct an exploit? • Automate a search of the target binary for gadgets (look for ret instructions, work backwards) Cf. https://github.com/0vercl0k/rp - • Are there sufficient gadgets to do anything interesting? • Yes: Shacham found that for significant codebases (e.g., libc), gadgets are Turing complete Especially true on x86’s dense instruction set - • Schwartz et al (USENIX Security ’11) have automated gadget shellcode creation, though not needing/requiring Turing completeness

  2. Blind ROP

  3. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult

  4. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables

  5. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables • Attack response : Blind ROP

  6. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables • Attack response : Blind ROP If server restarts on a crash, but does not re-randomize:

  7. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables • Attack response : Blind ROP If server restarts on a crash, but does not re-randomize: 1.Read the stack to leak canaries and a return address

  8. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables • Attack response : Blind ROP If server restarts on a crash, but does not re-randomize: 1.Read the stack to leak canaries and a return address 2.Find gadgets (at run-time) to effect call to write

  9. Blind ROP • Defense: Randomizing the location of the code (by compiling for position independence) on a 64- bit machine makes attacks very difficult • Recent, published attacks are often for 32-bit versions of executables • Attack response : Blind ROP If server restarts on a crash, but does not re-randomize: 1.Read the stack to leak canaries and a return address 2.Find gadgets (at run-time) to effect call to write 3.Dump binary to find gadgets for shellcode http://www.scs.stanford.edu/brop/

  10. Defeat! • The blind ROP team was able to completely automatically , only through remote interactions , develop a remote code exploit for nginx , a popular web server

  11. Defeat! • The blind ROP team was able to completely automatically , only through remote interactions , develop a remote code exploit for nginx , a popular web server • The exploit was carried out on a 64-bit executable with full stack canaries and randomization

  12. Defeat! • The blind ROP team was able to completely automatically , only through remote interactions , develop a remote code exploit for nginx , a popular web server • The exploit was carried out on a 64-bit executable with full stack canaries and randomization • Conclusion: give an inch, and they take a mile?

  13. Defeat! • The blind ROP team was able to completely automatically , only through remote interactions , develop a remote code exploit for nginx , a popular web server • The exploit was carried out on a 64-bit executable with full stack canaries and randomization • Conclusion: give an inch, and they take a mile? • Put another way: Memory safety is really useful!

  14. void safe() { char buf[80]; fgets(buf, 80, stdin); } void safer() { char buf[80]; fgets(buf, sizeof(buf), stdin); }

  15. void safe() { char buf[80]; fgets(buf, 80, stdin); } void safer() { char buf[80]; fgets(buf, sizeof(buf), stdin); } void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); }

  16. void safe() { char buf[80]; fgets(buf, 80, stdin); } void safer() { char buf[80]; fgets(buf, sizeof(buf), stdin); } void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); }

  17. Format string vulnerabilities

  18. printf format strings int i = 10; printf(“%d %p\n”, i, &i);

  19. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i

  20. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame

  21. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame

  22. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame

  23. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame • printf takes variable number of arguments • printf pays no mind to where the stack frame “ends” • It presumes that you called it with (at least) as many arguments as specified in the format string

  24. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame • printf takes variable number of arguments • printf pays no mind to where the stack frame “ends” • It presumes that you called it with (at least) as many arguments as specified in the format string

  25. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame • printf takes variable number of arguments • printf pays no mind to where the stack frame “ends” • It presumes that you called it with (at least) as many arguments as specified in the format string

  26. printf format strings int i = 10; printf(“%d %p\n”, i, &i); 0x00000000 0xffffffff … %ebp %eip &fmt 10 &i printf ’s stack frame caller’s 
 stack frame • printf takes variable number of arguments • printf pays no mind to where the stack frame “ends” • It presumes that you called it with (at least) as many arguments as specified in the format string

  27. void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); }

  28. void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); } “%d %x"

  29. void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); } “%d %x" 0x00000000 0xffffffff … %ebp %eip &fmt caller’s 
 stack frame

  30. void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); } “%d %x" 0x00000000 0xffffffff … %ebp %eip &fmt caller’s 
 stack frame

  31. void vulnerable() { char buf[80]; if(fgets(buf, sizeof(buf), stdin)==NULL) return; printf(buf); } “%d %x" 0x00000000 0xffffffff … %ebp %eip &fmt caller’s 
 stack frame

  32. Format string vulnerabilities

  33. Format string vulnerabilities • printf(“100% dml”);

  34. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip

  35. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”);

  36. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry

  37. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”);

  38. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”); • Prints a series of stack entries as integers

  39. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”); • Prints a series of stack entries as integers • printf(“%08x %08x %08x %08x …”);

  40. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”); • Prints a series of stack entries as integers • printf(“%08x %08x %08x %08x …”); • Same, but nicely formatted hex

  41. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”); • Prints a series of stack entries as integers • printf(“%08x %08x %08x %08x …”); • Same, but nicely formatted hex • printf(“100% no way!”)

  42. Format string vulnerabilities • printf(“100% dml”); • Prints stack entry 4 byes above saved %eip • printf(“%s”); • Prints bytes pointed to by that stack entry • printf(“%d %d %d %d …”); • Prints a series of stack entries as integers • printf(“%08x %08x %08x %08x …”); • Same, but nicely formatted hex • printf(“100% no way!”) WRITES the number 3 to address pointed to by stack entry •

  43. Format string prevalence % of 0.5 vulnerabilities that involve 0.375 format string bugs 0.25 0.125 0 2002 2004 2006 2008 2010 2012 2014 http://web.nvd.nist.gov/view/vuln/statistics

  44. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { int len = read_int_from_network(); char *p = read_string_from_network(); if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); }

  45. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { int len = read_int_from_network(); char *p = read_string_from_network(); if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n);

  46. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { int len = read_int_from_network(); char *p = read_string_from_network(); if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t;

  47. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { Negative int len = read_int_from_network(); char *p = read_string_from_network(); if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t;

  48. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { Negative int len = read_int_from_network(); char *p = read_string_from_network(); Ok if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t;

  49. What’s wrong with this code? #define BUF_SIZE 16 char buf[BUF_SIZE]; void vulnerable() { Negative int len = read_int_from_network(); char *p = read_string_from_network(); Ok if(len > BUF_SIZE) { printf(“Too large\n”); return; } memcpy(buf, p, len); } Implicit cast to unsigned void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t;

  50. Integer overflow vulnerabilities

  51. What’s wrong with this code? void vulnerable() { size_t len; char *buf; len = read_int_from_network(); buf = malloc(len + 5); read(fd, buf, len); ... }

  52. What’s wrong with this code? void vulnerable() { size_t len; char *buf; HUGE len = read_int_from_network(); buf = malloc(len + 5); read(fd, buf, len); ... }

  53. What’s wrong with this code? void vulnerable() { size_t len; char *buf; HUGE len = read_int_from_network(); Wrap-around buf = malloc(len + 5); read(fd, buf, len); ... }

  54. What’s wrong with this code? void vulnerable() { size_t len; char *buf; HUGE len = read_int_from_network(); Wrap-around buf = malloc(len + 5); read(fd, buf, len); ... } Takeaway: You have to know the semantics of your programming language to avoid these errors

  55. Integer overflow prevalence 3 % of vulnerabilities that 
 involve integer overflows 2.25 1.5 0.75 0 2000 2002 2004 2006 2008 2010 2012 2014 http://web.nvd.nist.gov/view/vuln/statistics

  56. What’s wrong with this code? Suppose that it has higher privilege than the user int main() { char buf[1024]; ... if(access(argv[1], R_OK) != 0) { printf(“cannot access file\n”); exit(-1); } file = open(argv[1], O_RDONLY); read(file, buf, 1023); close(file); printf(“%s\n”, buf); return 0; }

  57. What’s wrong with this code? Suppose that it has higher privilege than the user int main() { char buf[1024]; ... uid if(access(argv[1], R_OK) != 0) { printf(“cannot access file\n”); exit(-1); } euid file = open(argv[1], O_RDONLY); read(file, buf, 1023); close(file); printf(“%s\n”, buf); return 0; }

  58. What’s wrong with this code? Suppose that it has higher privilege than the user int main() { char buf[1024]; ~attacker/mystuff.txt ... uid if(access(argv[1], R_OK) != 0) { printf(“cannot access file\n”); exit(-1); } euid file = open(argv[1], O_RDONLY); read(file, buf, 1023); close(file); printf(“%s\n”, buf); return 0; }

  59. What’s wrong with this code? Suppose that it has higher privilege than the user int main() { char buf[1024]; ~attacker/mystuff.txt ... uid if(access(argv[1], R_OK) != 0) { printf(“cannot access file\n”); exit(-1); } euid file = open(argv[1], O_RDONLY); read(file, buf, 1023); close(file); printf(“%s\n”, buf); return 0; }

  60. What’s wrong with this code? Suppose that it has higher privilege than the user int main() { char buf[1024]; ~attacker/mystuff.txt ... uid if(access(argv[1], R_OK) != 0) { printf(“cannot access file\n”); exit(-1); } ln -s /usr/sensitive ~attacker/mystuff.txt euid file = open(argv[1], O_RDONLY); read(file, buf, 1023); close(file); printf(“%s\n”, buf); return 0; }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Buffer Manager Each relation is can be mapped onto many files (each file containing data from one

Buffer Manager Each relation is can be mapped onto many files (each file containing data from one

Buffer Management The database buffer is the mediator between the basic file system and the tuple-oriented file system. The buffer managers task is to make the pages addressable in main memory and to coordinate the writing of pages to disk

1.12k views • 8 slides
Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier

External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier

x External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier in his presentation in 2016. The support for External buffer has been there since DPDK 18.05 2 External buffer: Contd 3 External

544 views • 12 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication

TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication

Inter-Node Communication General idea: Sender: TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication buffer with data Recipients to OS can be reused Computer Network Receiver:

176 views • 3 slides
Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared

Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared

Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared pool of memory buffers for all backends all access methods get data from disk via buffer manager Buffers are located in a large region of shared

505 views • 25 slides
Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water

Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water

Implementation of Act 162 of 2014 Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water Resources Advisory Committee August 12, 2015 Tom Wolf, Governor John Quigley, Secretary Agenda 1. Overview of Act 162

530 views • 37 slides
Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by the Morris Worm in 1988 Prevention techniques known NX bit, stack canaries, ASLR Still of major concern Recent examples:

354 views • 21 slides
Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In

Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In

Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In Proceedings of Fourth Workshop on Algorithms and Data Structures (WADS), Lecture Notes in Computer Science Vol. 955, Springer-Verlag, 1995, 334-345. 1

518 views • 27 slides
AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software

AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software

AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software application for the web and mobile, designed to manage accounts in social networks, by providing the means for a user to schedule posts to Twitter,

506 views • 35 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos {

k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos {

k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos { abasilak,fudos } @cs.uoi.gr Department of Computer Science & Engineering, University of Ioannina, Greece 16 March 2014 Introduction

782 views • 44 slides
Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass

Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass

Storage Hierarchy, Buffer Manager Disk/Buffer Performance in Oracle Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass Martin-Luther-Universit at Halle-Wittenberg Wintersemester 2019/20

623 views • 50 slides
CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Fixing and Patching Vulnerabilities

419 views • 26 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft Research, Silicon Valley and Reykjavk University, Iceland An example of a real-world attack Exploits a vulnerability in the GDI+ rendering of

1.26k views • 113 slides
Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend

Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend

Memory Exploits & Defenses Presenter: Kevin Snow What is the threat? How do we defend ourselves? What is the threat? Stack Smashing Return-to-libc Format String Error Heap Overflow Generic Stack Frame Caller Callee Stack

1.12k views • 79 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation shellcode (aka payload)

652 views • 36 slides
Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, Designing and attacking Kudelski Security (NAGRA) port scan detection tools by Solar Designer (Alexander D. J. Bernstein,

1.83k views • 164 slides
Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey,

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey,

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey, Laurens van der Maaten, I. Zeki Yalniz, Yixuan Li and Dhruv Mahajan Adversarial Images adversarial swan pelican perturbation

457 views • 8 slides

More recommend