.pf{position:relative;background-color:#fff;overflow:hidden;margin:0;border:0}.pc{position:absolute;border:0;padding:0;margin:0;top:0;left:0;width:100%;height:100%;overflow:hidden;display:block;transform-origin:0 0;-ms-transform-origin:0 0;-webkit-transform-origin:0 0}.bi{position:absolute;border:0;margin:0}.c{position:absolute;border:0;padding:0;margin:0;overflow:hidden;display:block}.t{position:absolute;white-space:pre;font-size:1px;transform-origin:0 100%;-ms-transform-origin:0 100%;-webkit-transform-origin:0 100%;unicode-bidi:bidi-override;-moz-font-feature-settings:"liga" 0}.t:after{content:''}.t:before{content:'';display:inline-block}.t span{position:relative;unicode-bidi:bidi-override}._{display:inline-block;color:transparent;z-index:-1}.pi{display:none}@media screen{.pf{margin:13px auto;box-shadow:1px 1px 3px 1px #333;border-collapse:separate}}.ff1{font-family:ff1;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff2{font-family:ff2;line-height:.966797;font-style:normal;font-weight:400;visibility:visible}.ff3{font-family:ff3;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff4{font-family:ff4;line-height:.941406;font-style:normal;font-weight:400;visibility:visible}.m0{transform:matrix(.320260,0,0,.320260,0,0);-ms-transform:matrix(.320260,0,0,.320260,0,0);-webkit-transform:matrix(.320260,0,0,.320260,0,0)}.ls1{letter-spacing:-.072800px}.ls0{letter-spacing:0}.sc0{text-shadow:-.015em 0 transparent,0 .015em transparent,.015em 0 transparent,0 -.015em transparent}@media screen and (-webkit-min-device-pixel-ratio:0){.sc0{-webkit-text-stroke:.015em transparent;text-shadow:none}}.ws1{word-spacing:-12.27648px}.ws0{word-spacing:-12.203680px}.ws2{word-spacing:0}._0{margin-left:-1.059840px}._1{width:1.305600px}._2{width:45.002240px}._3{width:131.707520px}.fc0{color:#000}.fs0{font-size:44.16px}.y1{bottom:0}.y2c{bottom:126.392685px}.y2b{bottom:144.988284px}.y2a{bottom:163.589008px}.y0{bottom:179.345819px}.y29{bottom:182.189731px}.y28{bottom:200.94418px}.y27{bottom:219.544903px}.y26{bottom:238.145627px}.y25{bottom:256.746351px}.y24{bottom:275.53923px}.y23{bottom:294.139954px}.y22{bottom:312.740677px}.y21{bottom:331.341401px}.y20{bottom:349.942124px}.y1f{bottom:368.696573px}.y1e{bottom:387.297296px}.y1d{bottom:405.898020px}.y1c{bottom:424.498743px}.y1b{bottom:443.253192px}.y1a{bottom:461.853916px}.y19{bottom:480.480260px}.y18{bottom:499.080983px}.y17{bottom:517.681707px}.y16{bottom:536.436155px}.y15{bottom:555.036879px}.y14{bottom:573.637602px}.y13{bottom:592.238326px}.y12{bottom:610.839050px}.y11{bottom:629.593498px}.y10{bottom:648.194222px}.yf{bottom:666.794945px}.ye{bottom:685.395669px}.yd{bottom:704.188548px}.yc{bottom:722.789272px}.yb{bottom:741.389995px}.ya{bottom:759.990719px}.y9{bottom:778.591443px}.y8{bottom:797.345891px}.y7{bottom:815.946615px}.y6{bottom:834.547338px}.y5{bottom:853.148062px}.y4{bottom:871.902510px}.y3{bottom:890.503234px}.y2{bottom:909.129578px}.h1{height:19.856144px}.h2{height:49.68px}.h3{height:50.69568px}.h0{height:1014.58492px}.w1{width:221.620191px}.w2{width:783.997426px}.w0{width:783.997438px}.x1{left:.000012px}.x2{left:92.265726px}.x3{left:115.324474px}.x4{left:138.378098px}.x0{left:164.613841px}

CSE 127 Lecture 6: L6 10/11/18

If the attacker doesn"t know where in memory their shellcode is stored, then it"s hard to make the processor jump there. Add a random offset to stack base. Assumption: hard for attackers to guess the location of their shellcode on the stack. Information leak: reveals where things are in the stack. Longer nop sled: sled all the way to my shellcode. Aslr extends the concept to other sections of process memory. Requires compiler, linker, and loader support! (quite expensive) Allocate jizillions of copies of the shellcode (w/ big nop sleds) and then jump blindly into the heap. Stopping malicious code injection doesn"t stop malicious code from being executed! B/c of the fixed width, it is possible to overflow or wrap max expressible # for the type used. I. e. -1: it"ll be treated as unsigned (all 1"s, so super large malloc()) If (buf == null) return; void *concatbytes( void *buf1, unsigned int len1, char *buf2, unsigned int len2)

United States

Introduction to Computer Security

Computer Science and Engineering

Savage, Stefan

University of California - San Diego

Organismic and Evolutionary Biology

Computer Networks

Database Systems Applications

Introduction to Modern Cryptography

Programming Languages: Principles and Paradigms

Introduction to Artificial Intelligence: Search and Reasoning

Online Database Analytics Applications

Database System Principles

Principles of Computer Operating Systems

Introduction to Computer Architecture

Topics in Computer Science and Engineering

Computer Graphics

Rome, Christianity, and the Middle Ages

Renaissance, Reformation, and Early Modern Europe

Language, Culture, and Education

Networked Services

Software Engineering

Web Client Languages

All Subjects

Accounting

Mathematics

Statistics

Computer Science

Calculus

Psychology

Management

Biology

Physics

Chemistry

Electrical Engineering

Mechanical Engineering

Marketing

Music

History

Project Management

Business

Architecture

Geography

Science

Nursing

Information Technology

Engineering

English

Finance

Philosophy

Astronomy

Communications

Sociology

Anthropology

Prealgebra

Algebra

Precalculus

Ethics

Geometry

Probability

Economics

CSE 127 Lecture 6: L6 10/11/18

Document Summary

Get access