cyber uc meeting 90
play

Cyber@UC Meeting 90 MBE: Basic Binary Exploitation If Youre New! - PowerPoint PPT Presentation

Mar 03, 2024 •291 likes •442 views

Cyber@UC Meeting 90 MBE: Basic Binary Exploitation If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org Organization Resources on our Wiki: wiki.cyberatuc.org SIGN IN! (Slackbot will post

  1. Cyber@UC Meeting 90 MBE: Basic Binary Exploitation

  3. If You’re New! ● Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org ● Organization Resources on our Wiki: wiki.cyberatuc.org ● ● SIGN IN! (Slackbot will post the link in #general every Wed@6:30) ● Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach Recruitment Lab Ongoing work in our research lab! ●

  4. Announcements ● Bi-weekly lab events! Socket Programming! ○ ● Organization planning meeting Sunday, all are welcome to attend Dodgeball Thursday ● CTF team ●

  5. SATURDAY APRIL 20TH, 2019 FULL DAY EVENT WEDNESDAY APRIL 10TH, 11AM - 4PM 2019 VIDEO GAME + CTF = 🤰 GUEST SPEAKER: AARON MCCANTY COLUMBUS OH RE/VR AUTOMATION

  6. Weekly News

  7. Chinese national arrested carrying malware ● Charged with lying to a federal agent ● Carrying 4 Phones, 2 Chinese passports, a laptop, and a USB drive containing malware ● Event that she said she was attending was non existent Also said she was there to use ● the pool ● President was at the resort at the same time She did not actually use the pool ● https://www.nytimes.com/2019/04/02/us/mar-a-lago-zhang-chine se-secret-service.html

  8. Basic Binary Exploitation

  9. What are binary files? ● Source Code is plain text Source Code is compiled to Assembly which is also plain text ● Assembly is assembled to an Object file which is made of relocatable ● machine code ● Object Files are linked to each other and libraries into Binary Files Binary File have all dependencies resolved ●

  10. What are binary files? (cont.) ● Binary files are typically one of these formats: Portable Executable (PE) - used by Windows ○ ○ Executable and Linkable Format (ELF) - used by everything else ● Both formats have support for static linking and dynamic linking ELF uses object (.o) and shared object (.so) ○ ○ PE uses executable (.exe) and dynamic linking library (.dll)

  11. What are binary files? ●

  12. Tools Static Analysis (not running): strings - dumps “readable” data from a binary file ● file - identifies a file format based on magic ● ● md5sum - gets md5 sum of a file ● objdump - converts binaries to assembly binwalk - searches for files in files ● Dynamic Analysis: IDA/GHIDRA/BinNin/R2 - Disassembly / visualize binaries ● GDB - GNU Debugger ● ● GDB:GEF - Extension for GDB

  13. GDB:GEF Setup ● Installation from (github) ○ wget -O ~/.gdbinit-gef.py -q https://github.com/hugsy/gef/raw/master/gef.py ○ echo source ~/.gdbinit-gef.py >> ~/.gdbinit ● If you already have GDB:PEDA it’s similar but still actively developed so just use PEDA for today GEF adds a few UI improvements to keep you from repeating commands and ● extends the capabilities of GDB

  14. Crackme’s ● Files meant to be reverse engineered ○ Example: Battelle’s Goat challenge Search for “RPISEC MBE” then download the challenges.zip from the class ● site ○ http://security.cs.rpi.edu/courses/binexp-spring2015/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Multithreading in Qt Doing it wrong, debugging it, doing it right David Faure

Multithreading in Qt Doing it wrong, debugging it, doing it right David Faure

Multithreading in Qt Doing it wrong, debugging it, doing it right David Faure <david.faure@kdab.com> Outline QThread Debugging race conditions Debugging deadlocks Unit-testing for thread-safety How to use QThread A busy

167 views • 16 slides
C, Pointers, gdb 6.S081 Lecture 2 Fall 2020 My First Memory Bug one = 1 abc = [a,

C, Pointers, gdb 6.S081 Lecture 2 Fall 2020 My First Memory Bug one = 1 abc = [a,

C, Pointers, gdb 6.S081 Lecture 2 Fall 2020 My First Memory Bug one = 1 abc = [a, b, c] two = one abcdef = abc two += 1 abcdef += [d, e, f] print(one) print(abc) print(two) print(abcdef)

370 views • 17 slides
Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019 http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematjcs and physics faculty of mathematjcs and physics Vlastimil Babka vbabka@suse.cz

1.6k views • 62 slides
gdb or sws1 gdb g Gnu debugger, for several languages, incl. C and C++ It It

gdb or sws1 gdb g Gnu debugger, for several languages, incl. C and C++ It It

1 what to do when my program segfaults? gdb or sws1 gdb g Gnu debugger, for several languages, incl. C and C++ It It allows you to inspect what a program is doing at points during ll t i t h t i d i t i t d i execution

537 views • 12 slides
gRPC Python, C Extensions, and AsyncIO Discord channel: #talk-grpc-and-asyncio About us

gRPC Python, C Extensions, and AsyncIO Discord channel: #talk-grpc-and-asyncio About us

gRPC Python, C Extensions, and AsyncIO Discord channel: #talk-grpc-and-asyncio About us Lidi Zheng Software Engineer at Google Maintainer of gRPC Python Pau Freixes Former Senior Software Engineer at Skyscanner

348 views • 24 slides
Puppy Raising Community: Raisers, Sitters and Volunteers What is a Community? Online

Puppy Raising Community: Raisers, Sitters and Volunteers What is a Community? Online

Puppy Raising Community: Raisers, Sitters and Volunteers What is a Community? Online platform using the internet browser of your choice. Log in anywhere using a computer, tablet or smartphone- no app required! Get access to

942 views • 22 slides
User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache,

User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache,

User Level DB: a Debugging API for User- Level Thread Libraries Kevin Pouget, Marc Prache, Patrick Carribault, and Herv Jourdren kevin.pouget@gmail.com, {marc.perache,patrick.carribault,herve.jourdren}@cea.fr CEA, DAM, DIF, F-91297 Arpajon,

895 views • 34 slides
Control flow Condition codes Conditional and unconditional jumps Loops Switch statements 1

Control flow Condition codes Conditional and unconditional jumps Loops Switch statements 1

Control flow Condition codes Conditional and unconditional jumps Loops Switch statements 1 Conditionals and Control Flow Two key pieces 1. Comparisons and tests: check conditions 2. Transfer control: choose next instruction Processor

2.09k views • 36 slides

More recommend