hacking in c
play

Hacking in C hic 1 About this course: topics & goals - PowerPoint PPT Presentation

Oct 02, 2023 •980 likes •1.17k views

Hacking in C hic 1 About this course: topics & goals Standard ways in which software can be exploited understanding how such attacks work understanding what makes these attacks possible doing some attacks in practice

  1. Hacking in C hic 1

  2. About this course: topics & goals • Standard ways in which software can be exploited – understanding how such attacks work – understanding what makes these attacks possible – doing some attacks in practice • Root cause analysis: why are things so easy to hack? • This involves understanding – programming languages , compilers, and operating systems, and the abstractions that they provide – the languages, representations , and interpretations involved – the potential for trouble – in the form of software vulnerabilities - all this introduces hic 2

  3. Hacking in C • security problems in machine code compiled from C(++) source code running on standard CPU and operating system. • to understand this, we need to know how – the data representations involved – the memory management that the programmer has to do hic 3

  4. Prerequisites • Imperatief Programmeren – we won’t use C++, but C – biggest change: using printf instead of >> ? • Processoren – what is the functionality that a typical CPU offers, on which we have to run our software written in higher-level languages? Eg. fetch-execute cycle of the CPU, with Program Counter (PC) registers where in the code we are, which is modified for a JUMP instruction and incremented for the other instructions hic 4

  5. Lectures & lab sessions • Lectures Mondays 13:45-15:30 in HG00.304 • Lab sessions Thursdays 10:45-12:30 in HG00.137 & HG00.625 Aanstaande woensdag: als je al bekend met Linux command line ga dan naar HG00.625 • All course material will be on http://www.cs.ru.nl/~erikpoll/hic hic 5

  6. Lab exercises Weekly lab session with weekly programming/hacking exercise • Exercises to be done in pairs • Doing the exercises is obligatory to take part in the exam; • Exercises will be lightly graded to provide feedback, with nsi-regeling : you can have only one exercise niet-serieus-ingeleverd • You learn stuff in the exercises that you won't learn at the lectures, and vv. • Beware: exercises of one week will build on knowledge & skills from the previous week • Also: turning up for the lab sesions might be crucial to sort out practical problems (with C, gcc, Linux, ...) hic 6

  7. Lab exercises We use • C as programming language, not C++ • Linux from the command line aka shell • the compiler gcc So no fancy graphical user interfaces (GUIs) for the operating system (OS) or the compiler Why? • GUIs are nice, but hide what OS and compiler are doing • the command line is clumsy at first, – using commands instead of pointing & clicking but gives great power – we can write shell scripts: programs that interact with the OS hic 7

  8. ‘to hack’ NB several meaning and connotations, incl. 1. To write software in a clever way – to really exploit all the capabilities a system offers 2. To break into a computer system. 3. To fix some problem in a quickly & ugly way Focus of this course 1 & 2. hic 8

  9. How do you break into a computer system? Using user credentials – username/password 1. How do you get those? – default passwords hic 9

  10. Default passwords exploited by Mirai botnet hic 10

  11. Default passwords exploited by Mirai botnet hic 11

  12. How do you break into a computer system? Using user credentials – username/password 1. How do you get those? – default passwords – phishing – brute forcing – eavesdropping, • on unsecured network connection, • with keylogger hardware or software keylogger – using stolen password files • which may need to be brute forced, if passwords are hashed – ... 2 Using flaws in the software – Focus of this course & web security next quarter hic 12

  13. Security problems in software Terminology can be confusing: (security) weakness, flaw, vulnerability, bug, error, coding defect, ... Important distinction: 1. security weakness/flaw: something that is wrong or could be better 2. security vulnerability weakness/flaw that can actually be exploited by an attacker, This requires the flaw to be 1. accessible - attacker has to be able to get at it exploitable – attacker has to be able to do some damage with it 2. Eg by unplugging your network connection, many vulnerabilities become flaws Warning: there is no standardised terminology for the distinction above! hic 13

  14. Software security prices (2015) hic 14

  15. design vs implementation flaws Software vulnerabilities can be introduced at different “levels” • design flaws focus of – fundamental error in the design this course • implementation flaws or coding error – introduced when implementing The precise border is not precise it can be debatable whether a flaws is a design or implementation flaw To understand implementation flaws, we need to look 'under the hood' of how a programming language works hic 15

  16. To understand implementation flaws hic 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

485 views • 27 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat 2011 Las Vegas, NV Presen sented ed b by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com Agenda O V E R V I E W

1.07k views • 72 slides
ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING TOOLKIT FREE, OPEN-SOURCE WHAT IS ZIGDIGGITY??? + = RaspBee radio + Raspberry Pi ZigDiggity - GitHub Code http://zigdiggity.com BISHOPFOX

617 views • 23 slides
Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020 HACKING C# - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases. Blogger, public speaker. Author of .NET

481 views • 37 slides
Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi From Myself Associate Professor at UiO Teaching Ethical Hacking since 2012 Lecturer of the IN5290 Ethical Hacking at UiO Leader

878 views • 66 slides
Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

CLIMATE CHANGE IN HELTHCARE : Driving Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking engelen GIB DE MEDEIROS, PH.D. Digital Hospital Transformation Forum at HIC 2017 Brisbane, Australia HACKING

644 views • 27 slides
Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking Telco equipment: The HLR/HSS Laurent Ghigonis P1 Security 2014, Hackito Ergo Sum - Security Conference What are we talking about ? A mobile

724 views • 59 slides
Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Mr. Robot, an Emmy Award-winning TV drama starring a vigilante hacker CS 88S Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review last weeks material Hack Hollywood Hacking: The Good, The

718 views • 45 slides
Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized cybercrime Joseph Menn Agenda Agenda Why Russia matters (and differs from China) Why Russia matters (and differs from China) How three hackers got

557 views • 12 slides
Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Outline Google Hacking Privacy Searches Countermeasures Future Work Conclusion Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de Department of Computer Science, University of Mannheim (on leave to the

389 views • 21 slides
Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University Overview How do you configure endpoints for better security? 1. Updates 2. Correct settings 3. Reduce attack surface 4. Limit privilege 5.

477 views • 19 slides
Databases Databases Software that stores data on disk Runs as a server and is communicated

Databases Databases Software that stores data on disk Runs as a server and is communicated

Databases Databases Software that stores data on disk Runs as a server and is communicated with via TCP sockets Provides an API to store/retrieve data The software handles the low-level file IO Allows us to think about our data,

177 views • 15 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will

Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will

Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will learn how to retrieve your: Baruch Username Baruchmail Student Email Account Update the email listed in Blackboard Please note, the default

459 views • 8 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878 DePaul University Chicago, IL 60604 NWU Security Day John Kristoff - DePaul University 1 Starting comments A mish-mash of

678 views • 32 slides
Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering

Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering

Setting up an edge cloud in four commands Tytus Kurek, Product Manager Ryan Beisner, Engineering Manager 2019 Agenda Evolution of the edge computing paradigm Introduction to MicroStack MicroStack - use cases MicroStack -

431 views • 15 slides
Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional NCEdCloud Privileged Accounts) - Mark Scheible, MCNC MFA for All NCEdCloud Privileged Users As a part of continuing efforts to enhance the security

479 views • 14 slides

More recommend