Lead Image © Maksim Kabou, 123RF.com
From debugging to exploiting
Secure Code
A number of modern protections are used to make software a bit more secure. Some of these are kernel based, whereas others are compiler based. In this article, I present a proof of concept capable of bypassing protections and exploiting code.
Many published papers have focused on the exploitation of ELF (executable and linkable format) binaries – a Linux standard file format – which bypasses modern protection techniques. (Table 1 lists a few techniques discussed in this article.) However, in some scenarios in which security has not historically been in the forefront, these protections are never applied, or, if so, the software holds many flaws that can still lead to a successful exploitation.
Table 1
Security Techniques
| Acronym | Method |
|---|---|
| ASLR | Address space layout randomization |
| NX/DEP | No-execute bit/data execution prevention |
| RELRO | Relocation read-only |
| SSP | Stack smashing protector |
| PIE | Position-independent executable |
Modern
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- CERN Announces Search for Dark Matter
-
How Open Source Helped CERN Find the Higgs Boson
CERN uses open source software to find the source code of our existence. -
Profiling Python code
Profiling your Python code – as a whole or by function – shows where you should spend time speeding up your programs. -
Profiling Python Code
Profiling Python code – as a whole or by function – shows where you should spend time speeding up your programs.
- CERN Announces an Effort to Update its Particle Physics Strategy