Exploit Development: Looking Unknown Vulnerabilities Stack Buffer Overflow LAB Part 2

HomeOther ContentExploit Development: Looking Unknown Vulnerabilities Stack Buffer Overflow LAB Part 2
Channel: InfoSecAddicts Sourced: Youtube Published 3 years ago
Exploit Development: Looking Unknown Vulnerabilities Stack Buffer Overflow LAB Part 2
Exploit Development: Looking Unknown Vulnerabilities Stack Buffer Overflow LAB Part 2
If you want to venture into Exploit Development and learn how to look for Unknown Vulnerabilities as a SOC TIER 3 analyst would do, understanding the classical buffer overflow exploits where an input buffer overwrites the stack, the function return address that is saved on the stack, and upper memory regions (where you usually place the shellcode) is very important. While many methods for writing exploits exist today, stack-based buffer overflows provided the original exploit vector. However, an abundance of these exploits exist today and continue to grow.
Let’s continue with the second part of this lab. Full explanations of buffer overflows are always a great way to demonstrate how you should think about security.

00:00 Exploit Development: Looking Unknown Vulnerabilities.
00:47 What is the Extended Instruction Pointer?
01:55 Step 5
Calculate the distance to the EIP Register
03:24 Why do we need Endianness?
Big-endian (BE) & Little-Endian (LE)
ASCII code
05:15 Step 6
Redirect Program Execution
JMP ESP
09:26 Step 7
Implementing Shellcode
10:29 Steps: Rapid review
Stack Buffer Overflow Part 1 & 2

THANK YOU!!

Interesting Infosecaddicts Blogpost:

Click Here:
https://infosecaddicts.com/pentestbox-a-great-set-of-tools-to-start-tests/
Click Here:
https://infosecaddicts.com/free-advanced-network-pen-testing-webinar/
Click Here for other posts:
https://infosecaddicts.com/

Join Our Free 21 Day hack-a-thon

Register Here: https://infosecaddicts.com/free-21-day-hack-a-thon

Some Courses you may be interested in

Defensive Cyber
Malware Analysis [https://mailchi.mp/infosecaddicts/malware-analysis]
Incident Response
Reverse Engineering [https://mailchi.mp/infosecaddicts/reverse-engineering]

Offensive Cyber
Network Penetration Tester [https://mailchi.mp/infosecaddicts/network-penetration-tester]
Web App Penetration Tester [https://mailchi.mp/infosecaddicts/web-app-penetration-tester]
Red Team professional

Joe has some free challenges available if you’re interested in joining in you can contact us using this link https://infosecaddicts.com/contact-us/.

You can also sign up for a customized plan https://infosecaddicts.com/customized-program/ if you need help/guidance in your career or in learning something new.

If you would like to learn more about our mentorship program, you can sign up here https://mailchi.mp/infosecaddicts/mentorship.

SOCIAL NETWORKS

️Like /”InfosecAddicts/” on Facebook HERE: http://bit.ly/2WQCK9a

️Follow InfosecAddicts on Twitter HERE: http://bit.ly/2JbIsxJ.

Connect with us on LinkedIn http://bit.ly/LinkedIn_InfosecAddicts
—————————————————————————————-
This content is for educational purposes only. InfosecAddicts focuses on training and preparing professionals and enthusiasts, to perform Ethical Hacking, penetration testing tasks concentrate on prevention and security, and developing the advancement and discussion of the Cybersecurity Field.

TRADEMARK LEGAL NOTICE: All product names, logos, videos, and brands are the property of their respective owners in the United States and other countries. All company, product and service names used in this video are for identification purposes only. The use of these names, logos, and brands does not imply endorsement.

#ExploitDevelopment #SOCTier #StackBufferOverflow

Take the opportunity to connect and share this video with your friends and family if you find it useful.

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Policy | Terms of Services | Contact us | DMCA

We adhere to fair use guidelines when quoting from other sources. We provide brief excerpts and proper attribution.

©1998-2023 Interbots