Defining buffer overflow
A buffer overflow is considered one of the most common security vulnerabilities in existence. It targets buffers, that is, memory allocations, and a successful exploit can eventually give the attacker full control over the compromised system. It occurs when a process or programme writes, or attempts to write, more data into a fixed-size memory block than was initially allocated for it.
By taking advantage of a buffer overflow, attackers generally aim to take complete control of the system by elevating their privileges to administrator rights. To achieve this they identify a function pointer or saved return address in memory that the overflow lets them overwrite, in many cases pointing it to a location where
Once the server crashes and the offset at which the instruction pointer (EIP) is overwritten has been identified, the attacker knows where the malicious code must be placed.
7. The malicious code, commonly referred to as the payload or shellcode, is a sequence of machine instructions that the computer's CPU can execute directly. It is then executed.
8. Ensure the client has netcat listening on the specified port to which the shellcode will connect back.
9. At this point the payload of choice is the reverse shell: a backdoor process that runs on the server side and, as soon as it is executed there, connects back to the client, providing an interactive command interpreter and so allowing us to execute commands on the server. The reverse shell was favoured in this instance because it can easily bypass a firewall that filters incoming traffic to ports not used by the server, since the connection is outbound from the server's point of view.
Remediation against buffer overflow:
• Enable ARC (Automatic Reference Counting) - this is a compiler attribute (a compiler being a programme that processes statements written in a programming language, e.g. C or C++) that lets the compiler manage the memory of objects automatically.[2] Note that ARC, as implemented in Clang for Objective-C and Swift, manages object lifetimes; it does not bounds-check writes into C arrays, so it addresses use-after-free and double-free errors rather than overflows.
• Implement full ASLR (Address Space Layout Randomization) protection – this lets the loader choose different locations for the stack, heap, libraries, frameworks and executable code each time the software runs, so an attacker cannot rely on a fixed address for the return target or the shellcode. For the executable code itself to move, the binary must be built position-independent (PIE).
• Implement stack-smashing protection – commonly done when compiling and
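As an added illustration, not part of any of the essays quoted on this page: the unchecked write into a fixed-size block from the definition above, beside a bounded version, together with the canary check that stack-smashing protection inserts. The frame layout, the canary bytes and the attacker input are all constructed for the example; a real compiler places the canary and the check itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size block the programme "initially allocated" for the input. */
#define BUF_LEN 16
#define CANARY_LEN 8

/* Reference canary (constructed). The leading 0x00 byte copies the glibc
 * convention: a strcpy-style overflow of exactly BUF_LEN characters writes
 * its terminating NUL here, and an attacker cannot push further bytes through
 * strcpy without that NUL ending the copy. */
static const uint8_t CANARY[CANARY_LEN] = {0x00, 0x4b, 0xa3, 0x77, 0xd1, 0x5e, 0x92, 0x0c};

/* Vulnerable pattern: the input length is never compared with BUF_LEN.
 * The stack frame is modelled as one array [buffer | canary]; on a real
 * stack the bytes after the canary would be the saved frame pointer and the
 * return address (EIP on 32-bit x86), which is exactly what the crash
 * analysis above locates. Returns 1 if the canary survived, 0 if the copy
 * smashed it. The clamp to the frame size only keeps this demonstration
 * within defined behaviour; real code has no such clamp. */
int unchecked_copy(const uint8_t *src, size_t len)
{
    uint8_t frame[BUF_LEN + CANARY_LEN];

    memcpy(frame + BUF_LEN, CANARY, CANARY_LEN);   /* prologue: plant canary */
    if (len > sizeof frame)
        len = sizeof frame;
    memcpy(frame, src, len);                       /* the unchecked write */
    /* epilogue: the comparison -fstack-protector emits before `ret` */
    return memcmp(frame + BUF_LEN, CANARY, CANARY_LEN) == 0;
}

/* Same vulnerable pattern driven by a C string, i.e. a strcpy-style copy
 * that includes the terminating NUL. */
int unchecked_strcpy(const char *s)
{
    return unchecked_copy((const uint8_t *)s, strlen(s) + 1);
}

/* Hardened pattern: refuse anything that does not fit the buffer.
 * Returns 0 on success and -1 if the input is too long; no byte beyond
 * BUF_LEN is ever written. */
int bounded_copy(const uint8_t *src, size_t len)
{
    uint8_t buf[BUF_LEN];

    if (len > sizeof buf)
        return -1;
    memcpy(buf, src, len);
    return 0;
}

int main(void)
{
    uint8_t input[64];
    memset(input, 'A', sizeof input);   /* constructed attacker input */

    printf("unchecked, 16 bytes: canary %s\n",
           unchecked_copy(input, 16) ? "intact" : "SMASHED");
    printf("unchecked, 24 bytes: canary %s\n",
           unchecked_copy(input, 24) ? "intact" : "SMASHED");
    printf("bounded, 24 bytes: %s\n",
           bounded_copy(input, 24) == 0 ? "copied" : "rejected");
    return 0;
}
```

The first two bullets above work on different layers: the canary only turns a silent overwrite into a detected abort, while the bounded copy prevents the overwrite altogether, so both are wanted in practice.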
Initially, Linux (Ubuntu) is run in a virtual machine using VMware. The attack is performed against the IP address of the Linux OS.
The server binds the socket S to a local address, which is optional for a client. The server then
After the initial intrusion, malicious software referred to as a RAT (remote access Trojan) is installed on the victim host. The RAT is responsible for connecting to the attacker and regularly performing the actions the attacker instructs; at this point the intruder has full command and control (C2) over the target host. Notably, the initial connection is established by the victim host, not by the attacker [6]. This happens mainly for two reasons: (i) an organization's firewall usually allows connections initiated by internal hosts, and (ii) it helps the attacker avoid detection, because intrusion detection systems [7] can easily flag obviously suspicious activity such as inbound connections from outside hosts.
The attack is carried out in a closed environment using a local web server to host the
The Shellshock bug in GNU Bash, also known as CVE-2014-6271, allows an attacker to execute arbitrary commands on a victim's system, giving remote code execution on vulnerable machines. Bash parses function definitions exported through environment variables, and affected versions (all releases up to and including 4.3 before the fix) also executed any commands that followed the function body in the variable's value. The bug had been present in Bash since 1989 when Stéphane Chazelas discovered it in 2014. One of the ways CVE-2014-6271 is exploited is remote code execution via CGI scripts. The Common Gateway Interface (CGI) is a common method of generating dynamic content for web pages and web applications, and a web server passes HTTP request headers to a CGI script as environment variables, so a crafted header reaches Bash whenever the script, or anything it launches, is a Bash process.
We will first look at some known flaws in Windows 7 and Windows 8. An information security engineer at Google decided to reveal a flaw affecting two of Microsoft's newest operating systems that allowed attackers to obtain higher privileges on an unpatched computer. The vulnerability was caused by an error in 'win32k.sys' when it processes
On April 14, 2015, Microsoft issued security bulletin MS15-034; this bulletin describes a vulnerability that "could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system." Later, on June 9, 2015, Microsoft issued another security bulletin, MS15-056; this bulletin describes a vulnerability that "could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who
Instead of having one physical piece of hardware that could fail, set up virtualization with redundancy. Virtualization platforms today have the ability to shift
Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?
This would mean programmers would have to edit their code every time they changed machines or added more memory (Lemley, 1999). Early computers had small amounts of RAM because storage technology was very expensive. Programmers had to store master copies of programs on a secondary storage system and pull pieces into RAM as needed. The process of deciding which pieces to pull and which parts of RAM to replace was called "overlaying" (Denning, 2012). "It was estimated that most programmers spent half to two-thirds of their time planning overlay sequences. A reliable method of automating it had potential to increase programmer productivity and reduce debugging by several fold" (Denning, 2012). Thus the concept of virtual memory was born. This concept makes use of the computer's hard drive when main memory runs out. However, the hard drive is significantly slower than RAM, so we want to keep most of the running program in RAM; specialized hardware and software are therefore needed to give the illusion of unlimited, fast memory (Lemley, 1999). This hardware converts a "virtual" address to a physical address in memory. Aside from virtually increasing memory size, virtual memory also provided three additional benefits: "it isolated users from each other, it allowed dynamic relocation of program pieces within RAM, and it provided read – write access control to individual pieces" (Denning, 2012). It is for these
System/application attacks fall within three categories: denial or destruction, alteration, and disclosure. This paper will cover some common system/application domain vulnerabilities: unauthorized physical and logical access to resources, weaknesses in server operating system and application software, and data loss.
Processes can communicate using any of the traditional UNIX-type mechanisms, where the Linux permissions still apply. Android also provides its own Inter Process Communication (IPC) mechanisms: [4]
An exploit module executes a sequence of commands to target a specific vulnerability found in a system or application. An exploit module takes advantage of a vulnerability to provide access to the target system. Exploit modules include buffer overflow, code injection, and web application exploits.
Mechanisms should be in place at the endpoint to ensure that only known and authorized application code (whitelist) including binaries, scripts, libraries are allowed to execute on the endpoint to prevent the endpoint from being compromised by malicious code. All other execution attempts should be halted, logged and reported. The security management system may update the
When an "application A" needs to work with another "application B" that already has a sandbox environment created (and therefore no access to other system resources), "application B" will exchange its resources located in the sandbox area with "application A" without interacting with other resources. (Schreuders, McGill, and Payne, 2013)