About Exploit Exercises
exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering.
Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at
SUID files
Permissions
Race conditions
Shell meta-variables
$PATH weaknesses
Scripting language weaknesses
Binary compilation failures
At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.
Protostar introduces the following in a friendly way:
Network programming
Byte order
Handling sockets
Stack overflows
Format strings
Heap overflows
The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode. Address Space Layout Randomisation and Non-Executable memory has been disabled.
Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as:
Address Space Layout Randomisation
Position Independent Executables
Non-executable Memory
Source Code Fortification (_DFORTIFY_SOURCE=)
Stack Smashing Protection (ProPolice / SSP)
In addition to the above, there are a variety of other challenges and things to explore, such as:
Cryptographic issues
Timing attacks
Variety of network protocols (such as Protocol Buffers and Sun RPC)
At the end of Fusion, the participant will have a through understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations.
A disfrutar.
0 comentarios :
Publicar un comentario
Nota: solo los miembros de este blog pueden publicar comentarios.