From Dev to InfoSec Part 4: Buffer Overflows Made My Brain Hurt

Viewing 2 reply threads
  • Author
    Posts
    • #169658
      Rey Bango
      Participant

      EH-Net - Bango - From Dev to InfoSec Part 4: Buffer Overflows Made My Brain Hurt - Arnold!While I’ve written a lot of code in my time, I don’t think I’ve ever firmly appreciated how complex it can be to write secure code. We go about our lives taking for granted that our apps will just work, and hopefully the programmers used the right techniques to not get us in trouble. Recently, I’ve started exploring buffer overflows (BOFs) as part of my Penetration Testing Professional (PTP) course by eLearnSecurity. I had heard the term “buffer overflow” and have actually seen it happen while using an application but never from a security angle. Generally, it appeared as an app crash that was resolved by restarting it, resolving my immediate issue and allowing me to carry on. But I always knew that there was much more happening underneath. This article is my braindump of my deeper exploration in an attempt to make reinforce this new knowledge in my own head. Hopefully it can help you, too.

      [See the full article at: From Dev to InfoSec Part 4: Buffer Overflows Made My Brain Hurt]

    • #169662
      Don Donzal
      Keymaster

      Ahnud!

    • #170032
      Michael J. Conway
      Participant

      I love the brain dump on BOFs. I was at a company sponsored class over the summer and wrote an exploit for Adobe flash the same way you just did. I hadn’t done one of those in a while and forgot how much fun it really is. For the class we had access to IDA Pro as well as another tool similar to the old Ollydbg, x64dbg. And while those tools certainly do help, having a tool for fuzzing is essential. And yes, some machine code experience also helps. Again thanks for the write-up.

Viewing 2 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?