Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Format String Vulnerabilities Video Primer
Posted by: ramaz
Date: June 04, 2009 10:50AM

Hello All,

After covering Assembly Language and Buffer Overflow ( ) basics in detail, I am now moving on to Format String Bugs. This will also be around a 8 part video series, so please bear with me. I will be posting the videos on this thread as I make them.

Video 1: The Basics

In this first video of the series, we will understand the basics of format strings and format functions and we will look at a simple case where information leakage happens due to a format string vulnerability being present.

http://securitytube.net/Format-String-Vulnerabilities-Primer-(Part-1-The-Basics)-video.aspx

Options: ReplyQuote
Re: Format String Vulnerabilities Video Primer
Posted by: ramaz
Date: June 05, 2009 12:33PM

Hello All,

Here is the next set of videos:

1. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions)

In this video we will try to understand why functions such as Printf are susceptible to Format String attacks. This video is very hands on in nature - we will explore the stack of a vulnerable program using GDB and see how the Printf function interprets the format string to decide on the number of arguments it should pick from the stack.

http://securitytube.net/Format-String-Vulnerabilities-Primer-(Part-2-Understanding-Format-Functions)-video.aspx



2. Format String Vulnerabilities Primer (Part 3 Crashing the Program)

In this video we will look at how a Format String Vulnerability can be used to crash a program. This could be used by a remote attacker to launch a Denial of Service attack on a server running a vulnerable daemon.

http://securitytube.net/Format-String-Vulnerabilities-Primer-(Part-3-Crashing-the-Program)-video.aspx



3. Format String Vulnerabilities Primer (Part 4 Viewing the Stack)

In this video we will look at how a Format String Vulnerability can be used to view the program stack.

http://securitytube.net/Format-String-Vulnerabilities-Primer-(Part-4-Viewing-the-Stack)-video.aspx



Comments and Feedback welcome!

Options: ReplyQuote
Re: Format String Vulnerabilities Video Primer
Posted by: thrill
Date: June 05, 2009 10:54PM

@ramaz

I know a lot of people might not take the time to thank you, but I wanted to extend a sincere thanks for being such a contributing member of this board. Your videos and tutorials are amazingly helpful. Thank you!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: Format String Vulnerabilities Video Primer
Posted by: Gareth Heyes
Date: June 06, 2009 05:09AM

Yeah what thrill said, awesome stuff these videos rock. I'm going to watch every one

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Format String Vulnerabilities Video Primer
Posted by: ramaz
Date: June 07, 2009 01:35PM

@thrill and @Gareth Heyes,

Thanks a lot for the encouragement! I am really glad to hear you liked the videos! :)

Options: ReplyQuote
Re: Format String Vulnerabilities Video Primer
Posted by: Anonymous User
Date: June 07, 2009 04:04PM

Same for me - I even have to confess I downloaded all the mp4s in case sectube goes down :)

Great work ramaz!

Options: ReplyQuote


Sorry, only registered users may post in this forum.