The Exploit World from Yesterday to Today (Dünden Bugüne Exploit Dünyası)

Onur ALANBEL

$ id -un

• Computer Engineer (İYTE)

• Founder @cricomtr (cri.com.tr)

• Developer @TaintAll (taintall.com)

• Application Security Researcher

• Github: github.com/onura

• Twitter: @onuralanbel

• https://packetstormsecurity.com/search/?q=onur+alanbel

VULNERABILITY VS POC VS EXPLOIT

• Vulnerability: an exploitable bug.

• PoC: code that triggers the vulnerability.

• Exploit: the combination of code and input that manipulates program flow.

WHERE ARE THEY FOUND?

WHY ARE THEY USED?

• Unauthorized Access

• Privilege Escalation

SMASHING THE STACK (1996-11-08)

MORRIS WORM (1988-11-02)

MS08-067

• RPC RCE

• Conficker

YESTERDAY VS TODAY

• SDLC (no stack overflow?)

YESTERDAY VS TODAY

➤ Buffer Overrun

➤ Buffer Overflow

➤ Stack overflow

➤ Heap overflow

➤ UAF

➤ Double Free

➤ Memory Corruption

➤ Unbound Memory Read / Write

➤ Arbitrary Memory Read / Write

➤ Type Confusion

➤ Race Condition

➤ Logic Bugs

➤ …

Diagram (no mitigations): CODE = program instructions (RX); STACK = user input (RWX)

Diagram (Non-Executable Memory or DEP): CODE = program instructions (RX); STACK = user input (RW); ROP = Return Oriented Programming

Diagram (Address Space Layout Randomization): CODE = program instructions (RX); STACK = user input (RW); randomized: Stack, Heap, DLL Base, Code Base

ASLR BYPASS

• Info Leak

• Partial PC Overwrite

• Non-ASLR Components/Libraries

• Heap Spray (Nop Sled)

• PLT Overwrite

• GOT Dereference

SANDBOX

Diagram: Target Process has Limited Access to OS Components and Other Processes

Diagram: Kernel; shellcode; User Process: trigger a NULL pointer dereference

Diagram: Kernel; shellcode; User Process: Run/Read

Diagram: Kernel; PAGEZERO inaccessible; User Process :(

Compatibility Issues

Diagram: ROP; Kernel; Fake Stack; User Process

SMEP

Supervisor Mode Execution Prevention

Diagram: ROP; Fake Stack; Kernel; User Process

SMEP/SMAP

Supervisor Mode Access Prevention

KASLR BYPASS

• Info Leak

• Partial PC Overwrite

• Side Channel Attacks (Usually Time Based)

DIĞER KORUMALAR

• Stack Canaries/Cookies

• Memory Protector, Isolated heap

• Different Data/Code Caches

• …
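The stack cookie bullet above and the earlier RWX-stack diagram name these mitigations only at slide-title level. The block below is an added example, not code from the talk or from its author, that models a compiler-style stack cookie in plain C next to the bounds check that prevents the overrun in the first place. The frame layout, the cookie value (STACK_COOKIE), the function names cookie_guarded_copy and bounded_copy, and the sample inputs are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a guarded stack frame: a 16-byte buffer
 * immediately followed by an 8-byte cookie, the way -fstack-protector
 * or /GS lays it out.  Everything is done inside one byte array so the
 * simulation stays deterministic and free of undefined behaviour. */
#define BUF_SIZE   16
#define FRAME_SIZE (BUF_SIZE + sizeof(uint64_t))

/* Constructed cookie value; a real one is random per process. */
static const uint64_t STACK_COOKIE = 0x2a4b6c8d0e1f3a5bULL;

/* Copies `len` bytes of untrusted input into the 16-byte buffer without
 * checking `len` against BUF_SIZE (the classic overrun), then verifies
 * the cookie as a function epilogue would.
 * Returns 0 if the cookie is intact, 1 if it was clobbered (the point at
 * which the real mechanism calls __stack_chk_fail and aborts). */
int cookie_guarded_copy(const unsigned char *src, size_t len)
{
    unsigned char frame[FRAME_SIZE];
    uint64_t check;

    if (len > FRAME_SIZE)      /* keep the simulation itself well-defined */
        len = FRAME_SIZE;

    memcpy(frame + BUF_SIZE, &STACK_COOKIE, sizeof STACK_COOKIE);
    memcpy(frame, src, len);   /* unbounded copy into the 16-byte buffer */

    memcpy(&check, frame + BUF_SIZE, sizeof check);
    return check != STACK_COOKIE;
}

/* Hardened form: reject input that does not fit before copying, so no
 * overrun can occur and the cookie never has to catch anything.
 * Returns the number of bytes copied, or -1 if the input is too large. */
int bounded_copy(unsigned char *dst, size_t dst_size,
                 const unsigned char *src, size_t len)
{
    if (len > dst_size)
        return -1;
    memcpy(dst, src, len);
    return (int)len;
}

int main(void)
{
    /* Constructed inputs: one that fits, one four bytes too long. */
    unsigned char ok[10];
    unsigned char overrun[BUF_SIZE + 4];
    unsigned char dst[BUF_SIZE];
    memset(ok, 'A', sizeof ok);
    memset(overrun, 'B', sizeof overrun);

    printf("cookie after 10-byte copy: %s\n",
           cookie_guarded_copy(ok, sizeof ok) ? "corrupted" : "intact");
    printf("cookie after 20-byte copy: %s\n",
           cookie_guarded_copy(overrun, sizeof overrun) ? "corrupted" : "intact");
    printf("bounded_copy of 20 bytes into 16: %d\n",
           bounded_copy(dst, sizeof dst, overrun, sizeof overrun));
    return 0;
}
```

The cookie only detects the overrun after the buffer and the cookie have already been written; it is a crash-instead-of-corrupt defence, which is why the talk lists it under "other protections" beside DEP and ASLR rather than as a fix. The bounds check in bounded_copy is the fix: the oversized input is refused before any byte is copied.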

THE PEGASUS CASE

• What does a million-dollar exploit look like?

The victim clicks a link

UAF (CVE-2016-4657)

Arbitrary Read to Break ASLR

Arbitrary Write to Gain Code Execution

Fake NULL Pointer Dereference

Info Leak (CVE-2016-4655) to Break KASLR

Kernel UAF (CVE-2016-4656) to Jailbreak

WHO IS BEHIND IT?

• NSO Group Technologies, an Israeli security company founded in 2010.

• 200 employees; annual revenue of $40 million in 2013 and $150 million in 2015.

• Business description: NSO Group provides "authorized governments with technology that helps them combat terror and crime".

AGENDA

• Cyber Weapons

• Cyber Deterrence

• Active Cyber Warfare