
Windows System Hacking Technique - Stack Exploit Tutorial Contents 1 - Classic Technique Review.pdf


Windows System Hacking Technique - Stack Exploit Tutorial Contents 2 - Win32ShellCode & About Defence Technique.pdf


Windows System Hacking Technique - Stack Exploit Tutorial Contents 3 - SEH & SEH Handler Overwrite.pdf


Windows System Hacking Technique - Stack Exploit Tutorial Contents 4 - RTL & ROP.pdf


Windows System Hacking Technique - Stack Exploit Tutorial Contents 5 - Heap & Heap Spray.pdf


Windows System Hacking Technique - Stack Exploit Tutorial Contents 6 - ByPass Defence Technique Win7.pdf



※ Uploaded in parts because of the file size.


Description

This series was written so that readers can learn, through examples and sample programs, the widely known attack techniques and protection mechanisms of the Windows platform, from the basic buffer overflow vulnerability up to the current Windows 7 environment.

The material consists of 6 documents in total; if you find a problem in any part of them, I would appreciate it if you contacted me by e-mail or in the comments.


Table of Contents

0. Testing Environment

  0.1 Testing Environment


1. Software Vulnerability Review

  1.1 Buffer OverFlow

  1.2 Format String Bug

  1.3 Integer OverFlow (to be added)


2. Classic Technique Review

  2.1 Writing RET Based Buffer OverFlow Exploits

    2-1-1. Direct-RET

    2-1-2. Trampoline

    2-1-3. Real Application Attack(A-PDF All to MP3)


3. Win32 ShellCode

  3-1. Making Win32 ShellCode

  3-2. Win32 ShellCode Unicode Problem

  3-3. Making Universal ShellCode

  3-4. Using Metasploit Payload and Encoder


4. About Defence Technique

  4-1. GS(Stack Guard)

  4-2. SafeSEH(SEH Handler Validation Check)

  4-3. DEP(Data Execution Prevention)

  4-4. ASLR(Address Space Layout Randomization)

  4-5. SEHOP(Structured Error Handling Overwrite Protection)


5. SEH(Structured Error Handling)

  5-1. SEH(Structured Error Handling)?

  5-2. Debugging SEH Chain

    5-2-1. Using OllyDbg

    5-2-2. Using WinDbg

  5-3. Debugging Stack View On The SEH Chain

    5-3-1. Build Visual Studio 6.0(SEH3)

    5-3-2. Build Visual Studio 2005(SEH4)


6. Writing SEH Based Buffer OverFlow Exploits

  6-1. SEH Handler OverWrite

    6-1-1. Debugging GS Option Enable

    6-1-2. Check SafeSEH

    6-1-3. Writing Exploit

  6-2. Real Application Attack(MP3 CD Converter)


7. RTL(Return To Library)

  7-1. About DEP

  7-2. RTL(Return To Library)

  7-3. Chaining RTL

  7-4. Problem Of RTL?


8. ROP(Return Oriented Programming)

  8-1. ROP(Return Oriented Programming)?

  8-2. Gadget

  8-3. Weapon

    8-3-1. API Chain

    8-3-2. Function Parameter

    8-3-3. Weapon Test by DEP Policy(OptOut, AlwaysOn)

  8-4. Flowing Going To ROP

    8-4-1. RET Based

    8-4-2. SEH Based

  8-5. ROP Based Exploit Composition

    8-5-1. StackPivot

    8-5-2. ROP Chain(General-purpose Registers or Stack?)

  8-6. Training ROP Based Exploit ROP by POC Code

  8-7. Universal ROP Exploit

  8-8. Using mona.py Plug-in

  8-9. RET Based ROP - BlazeDVD - DEP(OptOut)

  8-10. SEH Based ROP - WireShark - DEP(AlwaysOn)


9. Heap

  9-1. About Heap

  9-2. Debugging Heap


10. Heap Spray Part 1 : Basic Scripting

  10-1. Heap Spray?

  10-2. Debugging String Allocation by JavaScript

    10-2-1. Basic String Allocation

    10-2-2. String Allocation by Unescape()

  10-3. Heap Spray Memory Layout

    10-3-1. Desired Heap Spray Memory Layout

    10-3-2. Heap Spray Script by Exploit-DB(IE6)

    10-3-3. Heap Spray Script by Exploit-DB(IE7)

  10-4. Reliability Pointer Verification by Heap Spray Code(IE6 and IE7)

  10-5. Exploit by Heap Spray - RSP MP3 Player(OCX ActiveX BOF)

  10-6. Non Browser Heap Spray

    10-6-1. Adobe PDF Reader - JavaScript

    10-6-2. Adobe Flash Player - Action Script

    10-6-3. MS Office - VB Script


11. Heap Spray Part 2 : ROP Heap Spray

  11-1. Internet Explorer 8 Problem 

  11-2. ByPass DEP by Heap Spray Composition

    11-2-1. ROP Heap Spray Memory Layout

    11-2-2. Flowing Going To ROP Chain

  11-3. Converting Exploit Code – RSP MP3 Player

  11-4. [ETC] Corelan Team FF/IE8/IE9/IE10 Heap Spray Script


12. ByPass Defence Technique of Windows 7

  12-1. ASLR(Address Space Layout Randomization)

    12-1-1. Debugging ASLR

    12-1-2. ByPass ASLR with DEP - BlazeDVD

  12-2. SEHOP(Structured Error Handling Overwrite Protection)

    12-2-1. Debugging SEHOP Enable

    12-2-2. Execution Condition by _except_handler3()

    12-2-3. ByPass SEHOP - AudioTran - SEH Scope Table Overwrite