Last Stage Of Delirium Research Group UNIX Assembly Codes Development for Vulnerabilities
2Last Stage of Delirium Research Group
UNIX assembly codes development for vulnerabilities illustration purposes
The main goal of this presentation is to provide a brief introduction into the development of low-level assembly routines, used in proof of concept codes for specific class of vulnerabilities such as buffer overflow and format strings. These assembly routines (with shellcode execution as the simplest example) seem to play the critical role in such attacks and their preparation often requires using appropriate techniques specific for a given operating system. In our presentation we will focus mainly on RISC-based commercial operating systems such as Irix/MIPS, Solaris/SPARC, HP-UX/PA-RISC and Aix/PowerPC/POWER.
In the following sections of our presentation we will discuss different aspects of creating forementioned assembly routines. At the beginning we will present the functionality of various routines, in the context of active/passive and local/remote attacks. Next, we will provide the comparative look of each of the discussed operating system platform in the context of a given processor architecture and its machine language specifics. Then, we will try to present the main problems involved with a development of such assembly routines for selected operating systems along with appropriate solutions that may be used in such cases. As the presentation will be done from the code developers' point of view, it will be enriched with some illustrative examples.
At the end, we will provide some sort of summary and discuss the motivations for developing such codes. Along with the presentation, an accompanying technical document will be provided, containing more detailed discussion concerning presented techniques with regard to larger set of operating systems/platforms. This paper should be considered as a sort of complementary material to our presentation. In its appendix, the ready to use sample codes for every discussed system will be also included.
Last Stage of Delirium Research Group is a non-profit organization established in 1996 in Poland. Its main fields of activity cover various aspects of modern network and information security, with special emphasis on analysis of technologies for gaining unauthorized accesses to systems (including the actual search for vulnerabilities, developing reverse engineering tools, proof of concept codes as well as general technologies for exploitation of vulnerabilities). The group has significant experience in performing penetration tests (based upon own codes, tools and techniques) as well as in design and deployment of security solutions for complex network infrastructures including experiments with Intrusion Detection and Prevention Systems.
The group consists of four members, all graduates (M.Sc.) of Computer Science from the Poznan University of Technology. For the last six years they have been working as Security Team at Poznan Supercomputing and Networking Center. As the LSD Research Team, they have also discovered several vulnerabilities for commercial systems and provided proof of concept codes for many others. More information including samples of their work can be found at the LSD website.
Black Hat - USA - 2001 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #UNIX