From Dev to InfoSec Part 4: Buffer Overflows Made My Brain Hurt

While I’ve written a lot of code in my time, I don’t think I’ve ever firmly appreciated how complex it can be to write secure code. We go about our lives taking for granted that our apps will just work, and hopefully the programmers used the right techniques to not get us in trouble. Recently, I’ve started exploring buffer overflows (BOFs) as part of my Penetration Testing Professional (PTP) course by eLearnSecurity. I had heard the term “buffer overflow” and have actually seen it happen while using an application but never from a security angle. Generally, it appeared as an app crash that was resolved by restarting it, resolving my immediate issue and allowing me to carry on. But I always knew that there was much more happening underneath. This article is a braindump of my deeper exploration into buffer overflows in an attempt to reinforce this new knowledge in my own head. Hopefully it can help you, too.