Dünden Bugüne Exploit Dünyası (The Exploit World from Yesterday to Today)
Uploaded by onur-alanbel. Category: Presentations & Public Speaking
Transcript of Dünden Bugüne Exploit Dünyası
$ id -un
• Computer Engineer (İYTE)
• Founder @cricomtr (cri.com.tr)
• Developer @TaintAll (taintall.com)
• Application Security Researcher
• Github: github.com/onura
• Twitter : @onuralanbel
• https://packetstormsecurity.com/search/?q=onur+alanbel
VULNERABILITY VS POC VS EXPLOIT
• Vulnerability: an exploitable bug.
• PoC: code that triggers the vulnerability.
• Exploit: a combination of code and input that manipulates program flow.
YESTERDAY VS TODAY
➤ Buffer Overrun
➤ Buffer Overflow
➤ Stack overflow
➤ Heap overflow
➤ UAF
➤ Double Free
➤ Memory Corruption
➤ Unbound Memory Read / Write
➤ Arbitrary Memory Read / Write
➤ Type Confusion
➤ Race Condition
➤ Logic Bugs
➤ …
Non-Executable Memory or DEP (diagram): the CODE region holds the program instructions and is mapped RX; the STACK region holds user input and is mapped RW. ROP: Return Oriented Programming.
Address Space Layout Randomization (diagram): Stack, Heap, DLL Base, Code Base.
ASLR BYPASS
• Info Leak
• Partial PC Overwrite
• Non-ASLR Components/Libraries
• Heap Spray (Nop Sled)
• PLT Overwrite
• GOT Dereference
DIĞER KORUMALAR
• Stack Canaries/Cookies
• Memory Protector, Isolated heap
• Different Data/Code Caches
• …
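As an added defender-side example (not part of the slides), a small Python check of which of the protections listed above a Linux ELF64 binary was built with: PIE (so ASLR can randomize the code base), a non-executable stack (DEP) and stack canaries. The offsets and constants come from the ELF specification; build_sample_elf constructs a minimal fake image for testing and is not a real binary.

```python
import struct

# ELF constants from the ELF specification
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable vs. position-independent (PIE)
PT_GNU_STACK = 0x6474E551       # program header that records the stack's permissions
PF_X, PF_W, PF_R = 1, 2, 4

def check_elf64_mitigations(data: bytes) -> dict:
    """Report PIE (lets ASLR randomize the code base), NX stack (DEP) and
    stack-canary use for a little-endian ELF64 image held in memory."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx_stack = False  # no PT_GNU_STACK entry: the loader assumes an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,
        "nx_stack": nx_stack,
        # checksec-style heuristic: the canary failure handler is referenced by the binary
        "stack_canary": b"__stack_chk_fail" in data,
    }

def build_sample_elf(pie: bool, nx_stack: bool, canary: bool) -> bytes:
    """Constructed minimal ELF64 image (header + one PT_GNU_STACK entry). Not
    loadable; just enough structure for check_elf64_mitigations to inspect."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 0x3E, 1,
                               0x1000, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    flags = PF_R | PF_W | (0 if nx_stack else PF_X)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    tail = b"__stack_chk_fail\x00" if canary else b"puts\x00"   # fake dynstr content
    return ehdr + phdr + tail

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf(True, True, True)
    print(check_elf64_mitigations(data))
```

Run it with a path to a real ELF binary to see which mitigations are missing; with no argument it inspects the constructed sample.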
The victim clicks a link
UAF (CVE-2016-4657)
Arbitrary Read to Break ASLR
Arbitrary Write to Gain Code Execution
Fake NULL Pointer Dereference
Info Leak (CVE-2016-4655): Break KASLR
Kernel UAF (CVE-2016-4656) to Jailbreak
WHO IS BEHIND IT?
• NSO Group Technologies: an Israeli security company founded in 2010.
• 200 employees; annual revenue of $40 million in 2013 and $150 million in 2015.
• Their own description: NSO Group provides "authorized governments with technology that helps them combat terror and crime".