Back to Cptr427Winter2010

Hacking Exposed Chapter 10: Hacking Code

Common exploit techniques

Buffer Overflows and Design Flaws

Input Validation Attacks

Stack Buffer Overflows

• Easiest and most devastating buffer overrun
• A stack is the computer memory used when functions call other functions.
• Occurs when a program writes to a memory address on the program's stack outside of the intended data structure

Countermeasures

• Practice safe and secure coding standards.
• Check your code.
• Consider prohibiting the use of old C runtime buffer functions.
• Employ stack execution protection.
• Use compiler tools.
• Eavesdropping on network password exchange
  • Countermeasures
• Man-in-the-middle attacks
  • Countermeasures

Remote Unauthenticated Exploits

• Network Service Exploits
  • Countermeasures
• End-User Application Exploits
  • Countermeasures
• Device Driver Exploits
  • Countermeasures

Authenticated Attacks

• Privilege Escalation
  • Countermeasures

Extracting and Cracking passwords

• Grabbing the Password Hashes (with pwdump)
  • Countermeasures
• Cracking passwords
  • Countermeasures
• Dumping cached Passwords
  • Countermeasures

Remote Control and Back doors

• Command-line Remote control tools
• Graphical Remote control

Covering Tracks

• Disable Auditing
• Clear event log
• Hiding files
  • Alternative Data Streams (ADS)
  • Countermeasures

General countermeasures

• Filenames: Look for suspicious filenames left over
• Registry Entries: Hunt down any rogue registry entries
• Processes: Look for unnecessary processes running
• Ports: Look for rogue connections

Windows Security Features

• Firewall
• Automated updates
• Security center
• Security policy and group policy
• Bitlocker and the Encrypted File System (EFS)

Windows Resource Protection

• Integrity Levels, UAC, and LoRIE
• Data Execution Prevention (DEP)

Service Hardening

• Service Resource Isolation
• Least Privilege Services
• Service Refactoring