15
Софтверски сигурностни пропусти – детекција и превенција Даме Јованоски

Vulnerability Discovery (MK)

Embed Size (px)

DESCRIPTION

Откривање на ранливости

Citation preview

Page 1: Vulnerability Discovery (MK)

Софтверски сигурностни пропусти – детекција и превенција

Даме Јованоски

Page 2: Vulnerability Discovery (MK)

Предизвици Pwn2own – Предизвик за пронаоѓање на

пропусти во пребарувачите(IE,Mozzila Firefox и Google Chrome)

Награда:$100,000. Hex-Rays –пронаоѓање на сигурностни

пропусти во нивните продукти Награда: $3000. Google предизвик за наоѓање на

сигурностни пропусти во Chrome Награда:$20,000.

Page 3: Vulnerability Discovery (MK)

Факти

Page 4: Vulnerability Discovery (MK)

IEEE Computer Magazine

Page 5: Vulnerability Discovery (MK)

Geekonomics: The Real Cost of Insecure Software

The Real Cost of Insecure Software •   In 1996, software defects in a Boeing 757 caused a crash that

killed 70 people… •   In 2003, a software vulnerability helped cause the largest U.S.

power outage in decades… •   In 2004, known software weaknesses let a hacker invade T-

Mobile, capturing everything from passwords to Paris Hilton’s photos…

•   In 2005, 23,900 Toyota Priuses were recalled for software errors that could cause the cars to shut down at highway speeds…

•   In 2006 dubbed “The Year of Cybercrime,” 7,000 software vulnerabilities were discovered that hackers could use to access private information…

•   In 2007, operatives in two nations brazenly exploited software vulnerabilities to cripple the infrastructure and steal trade secrets from other sovereign nations…

Page 6: Vulnerability Discovery (MK)

Stuxnet – компјутерски црв (цел на напад – SCADA

системи)

Page 7: Vulnerability Discovery (MK)

Срцето на Stuxnet црвот

Page 8: Vulnerability Discovery (MK)

Циклус на развој на програми кои ги користат софтверските

пропусти

Процес или циклус на развој на програми кои ги искористуваат софтверските сигурностни пропусти

Page 9: Vulnerability Discovery (MK)

Целта на напѓачот Напаѓачот има за

цел да пристапи до системот којшто го напаѓа ескалирање за придобивање на привилегии т.е ring0.

Page 10: Vulnerability Discovery (MK)

Најчести и најпознати видови на софтверски сигурностни

пропусти

Buffer overflow String overflow Integer overflow Heap overflow

Листа на останати видови на сигурностни пропусти:http://www.owasp.org/index.php/Category:Vulnerability

Page 11: Vulnerability Discovery (MK)

Дебагери Microsoft Windows платформа: OllyDbg Immunity Debugger WinDbg

Linux платформа: gdb edb

Page 12: Vulnerability Discovery (MK)

Безбедностни механизми (Microsoft Windows)

Page 13: Vulnerability Discovery (MK)

Безбедностни механизми (Microsoft Windows)

Page 14: Vulnerability Discovery (MK)

Резултат на искористување на ранливост

Page 15: Vulnerability Discovery (MK)

Th3 3nd


KRACK & ROCA - HITCON · KRACK & ROCA 吳忠憲1,3 ... ROCA Return of Coppersmith’s Attack –A vulnerability in the implementation of RSA ... 20 HITCON PACIFIC 2017/12/07 MK =

KRACK & ROCA - HITCON · KRACK & ROCA 吳忠憲1,3 ... ROCA Return of Coppersmith’s Attack –A vulnerability in the implementation of RSA ... 20 HITCON PACIFIC 2017/12/07 MK =

Documents
Vulnerability PK Aggarwal

Vulnerability PK Aggarwal

Documents
Kemudahterancaman (Vulnerability) Penduduk Terhadap

Kemudahterancaman (Vulnerability) Penduduk Terhadap

Documents
Infrastructure Vulnerability Assessment - · PDF fileInfrastructure Vulnerability Assessment ... • Testing Network Security ... • Presentation Protocol Models

Infrastructure Vulnerability Assessment - · PDF fileInfrastructure Vulnerability Assessment ... • Testing Network Security ... • Presentation Protocol Models

Documents
Vulnerability samlet

Vulnerability samlet

Business
Vulnerability Appert Chapelon

Vulnerability Appert Chapelon

Documents
Quantifyin Social Vulnerability

Quantifyin Social Vulnerability

Documents
Pencari Kerentantan (Pencakar) - Vulnerability Search

Pencari Kerentantan (Pencakar) - Vulnerability Search

Internet
IIS Tilde Enumeration Vulnerability

IIS Tilde Enumeration Vulnerability

Technology
[2010 CodeEngn Conference 04] passket - Taint analysis for vulnerability discovery

[2010 CodeEngn Conference 04] passket - Taint analysis for vulnerability discovery

Technology
Web Application Vulnerability Testing with Nessus - · PDF fileWeb Application Vulnerability Testing with Nessus ... There are four navigation tabs at the top ... Web Application Vulnerability

Web Application Vulnerability Testing with Nessus - · PDF fileWeb Application Vulnerability Testing with Nessus ... There are four navigation tabs at the top ... Web Application Vulnerability

Documents
Vulnerability scaning keamanan jaringan

Vulnerability scaning keamanan jaringan

Documents
ROSKO14 - Vulnerability

ROSKO14 - Vulnerability

Presentations & Public Speaking
Web vulnerability seminar2

Web vulnerability seminar2

Art & Photos
Web vulnerability seminar3

Web vulnerability seminar3

Documents
Toward large-scale vulnerability discovery using Machine ... large-scale... · Toward large-scale vulnerability discovery using Machine Learning Gustavo Grieco x gg@cifasis-conicet.gov.ar

Toward large-scale vulnerability discovery using Machine ... large-scale... · Toward large-scale vulnerability discovery using Machine Learning Gustavo Grieco x [email protected]

Documents
Presentación rcen qualys vulnerability management

Presentación rcen qualys vulnerability management

Technology
ds discovery ah po 1 · 2020. 10. 30. · 2 Linha Discovery Características Técnicas Especificações Técnicas Discovery 400 Discovery 560 Discovery 760 Discovery 1000 Discovery

ds discovery ah po 1 · 2020. 10. 30. · 2 Linha Discovery Características Técnicas Especificações Técnicas Discovery 400 Discovery 560 Discovery 760 Discovery 1000 Discovery

Documents
MK 1000A MK 233A MK 203A MK 204A - Mikro Sdn Bhd · MK 1000A MK 233A MK 234A MK 203A MK 204A MK 231A MK 232A ... Overcurrent Relay Earth Fault Relay ... Mikro® reserves the …

MK 1000A MK 233A MK 203A MK 204A - Mikro Sdn Bhd · MK 1000A MK 233A MK 234A MK 203A MK 204A MK 231A MK 232A ... Overcurrent Relay Earth Fault Relay ... Mikro® reserves the …

Documents
EM1 Vulnerability Adaptation

EM1 Vulnerability Adaptation

Documents
fg.workshop: Software vulnerability

fg.workshop: Software vulnerability

Engineering
Pattern-Based Vulnerability Discovery - Startseite – … Vulnerability Discovery Dissertation zur Erlangung des mathematisch-naturwissenschaftlichen Doktorgrades \Doctor rerum naturalium"

Pattern-Based Vulnerability Discovery - Startseite – … Vulnerability Discovery Dissertation zur Erlangung des mathematisch-naturwissenschaftlichen Doktorgrades \Doctor rerum naturalium"

Documents
Windows vulnerability: Oh My Kernel!

Windows vulnerability: Oh My Kernel!

Software
COASTAL VULNERABILITY PREDICTION TO CLIMATE …

COASTAL VULNERABILITY PREDICTION TO CLIMATE …

Documents
Vulnerability of PWID

Vulnerability of PWID

Documents
Acunetix - Web Vulnerability Scanner

Acunetix - Web Vulnerability Scanner

Software
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulnerability

System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulnerability

Software
QualysGuard InfoDay 2014 - Vulnerability management

QualysGuard InfoDay 2014 - Vulnerability management

Internet
Τρωτότητα - VULNERABILITY METHODS_PRESK

Τρωτότητα - VULNERABILITY METHODS_PRESK

Documents
Vulnerability samlet 2

Vulnerability samlet 2

Business