Learn Buffer Overflows from one of the masters - Stephen Sims - SANS instructor, course developer and well known reverse engineer with over 20 years of experience!
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal
// A bit about Stephen //
Stephen is an industry expert with over 20 years of experience in information technology and security. He authored SANS' most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and is a co-author of the Gray Hat Hacking book series, as well as a keynote speaker who has appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for SANS Offensive Operations.
// Stephen's Social //
Twitter: https://twitter.com/Steph3nSims
YouTube Live: https://www.youtube.com/@OffByOneSecurity/streams
YouTube videos: https://www.youtube.com/@OffByOneSecurity/videos
E-mail: Stephen(at)deadlisting.com
SANS: https://www.sans.org/profiles/stephen-sims/
// Stephen's Book //
Gray Hat Hacking: https://amzn.to/3B1FeIK
// David's Social //
Discord: https://discord.gg/davidbombal
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
// Menu //
00:00 - Buffer overflows
00:50 - Sponsor
01:36 - Stephen Sims introduction
03:21 - Overview of buffer overflows
04:44 - Future of buffer overflows
09:17 - C program demo
14:14 - strcpy vulnerability
14:45 - Shellcode role
18:45 - Rust vs C?
20:05 - Rust vs other languages
21:23 - Heap & stack memory
26:32 - SigRed vulnerability
29:02 - DNS query role
30:49 - Heap overflow cause
35:00 - No args program check
37:06 - Program overview
41:10 - Hex & Stack
42:29 - Buffer overflow demo
42:53 - Determining buffer size
45:03 - Authentication bypass
50:33 - ASLR & Exploitation
52:01 - Memory & Environment
// Detailed outline of video: //
00:00:01 - Buffer overflow intro
00:00:12 - Pattern tool importance
00:00:27 - Overwriting return point
00:00:38 - Return to system function
00:00:44 - Authentication bypass success
00:00:50 - Advert
00:01:58 - Stephen's intro & channel
00:03:21 - Stephen on buffer overflows
00:03:42 - Buffer overflow history
00:04:18 - Mitigations & shadow stacks
00:04:44 - Future of buffer overflows
00:05:54 - Shadow stack obstacles
00:06:04 - Understanding tech basics
00:06:19 - Microsoft & IoT implementations
00:06:27 - Buffer overflow concept
00:08:53 - Buffer overflow explanation
00:09:17 - C program demo
00:11:04 - User input handling
00:12:53 - 'A' letter in debugging
00:13:47 - Vulnerable program recap
00:14:14 - strcpy vulnerability
00:14:45 - Shellcode role
00:15:42 - Stack overflow goal
00:15:58 - Mitigation techniques
00:16:18 - Data execution prevention
00:18:29 - Stack pop & language benefits
00:18:38 - Old-school attacks
00:18:45 - Rust vs C?
00:18:52 - Microsoft & Rust
00:19:20 - Rust benefits
00:19:37 - Transitioning to Rust
00:20:05 - Rust vs other languages
00:20:34 - C++ legacy queries
00:20:57 - Retraining devs
00:21:13 - Command line intro
00:21:23 - Heap & stack memory
00:21:42 - Memory code segment
00:22:03 - Stack memory understanding
00:22:37 - Dynamic memory usage
00:26:32 - SigRed vulnerability
00:27:13 - Disassembly importance
00:27:46 - Machine code relation
00:28:01 - Vulnerable code snippets
00:28:35 - Size argument complexity
00:29:02 - DNS query role
00:29:56 - Memory allocation in DNS
00:30:49 - Heap overflow cause
00:31:53 - Server-side vulnerability
00:32:18 - Explanation compliments
00:32:21 - Mitigation discussion
00:34:10 - Checking ID
00:34:16 - UID & processes
00:34:32 - C arguments
00:35:00 - No args program check
00:35:46 - Calling vulnerable function
00:36:05 - Creating checkpw function
00:37:06 - Program overview
00:37:55 - Buffer overflow talk
00:38:27 - Program compiling
00:41:10 - Hex & Stack
00:41:18 - checkpw vulnerability
00:41:44 - Buffer size
00:42:29 - Buffer overflow demo
00:42:53 - Determining buffer size
00:44:06 - Return pointer exploit
00:45:03 - Authentication bypass
00:46:47 - Return-to-libc & DEP
00:47:16 - System function manipulation
00:47:45 - Memory address exploit
00:49:23 - Command execution
00:50:33 - ASLR & Exploitation
00:52:01 - Memory & Environment
00:53:48 - Return-to-libc talk
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#bufferoverflow #linux #windows