Help Me !!

Why do sec. courses no teach how to bypass buffer overflow protections?

This topic contains 2 replies, has 2 voices, and was last updated by  xenofrog 3 years, 5 months ago.

  • Author
    Posts
  • #9623

    redmond
    Participant

    For the past couple of months I’ve been learning about exploiting buffer overflows. It’s taken a while due to gaps in knowledge and not being able to dedicate much time toward learning.
    I’ve gone through numerous guides, videos, papers etc and none of them really mentioned that the old school methods of exploiting buffer overflows will no longer work on modern operating systems due to various protections i.e: canaries, ASLR, DEP etc.
    Yesterday was the first time I’d heard about ROP (Return Orientated Programming).
    Why do modern security courses not teach this? The guides/books I’ve read tell you to turn off address randomization beforehand. But, this makes no sense to me because exploiting in a real environment or over a network, such things are not possible.
    Does anyone know of any up to date resources that go into more detail on bypassing BOF protection mechanisms and ROP?
    Ps. apologies for typo in title.

  • #9624

    redmond
    Participant

    apologies for typo in title.

  • #9625

    xenofrog
    Participant

    Two main reasons. The first is that you need to build up your knowledge. Imagine trying to jump into ROP (pun intended), heap spraying etc without first understanding what problem it’s trying to fix. When I teach exploitation, I take this approach. You’re able to apply each protections and see how it affects your payload. You can then change technique in an attempt to bypass the protections, one at a time.
    The other reason, is some people stop learning exploitation after buffer overflows. It’s a fairly simple technique and much of the material out there is outdated and the author never kept up with modern exploitation techniques.
    It’s frustrating, but keep going and never stop learning!

You must be logged in to reply to this topic.


Back to Top ↑