8/14/2019 Sec Tech Eng
1/24
Concept of Security Tech
Lecturer
Ijs and X-X-Y-S
Definition
Hardware
Languages
Exploitation
Reference
Question Time
Concept of Security Tech: Presentation Agenda
Classification of Hacker
Professional Programmer: He/She specializes in various kinds of languages and is skilled at using the appropriate one for an implementation.
Communication and Network Expert: He/She is familiar with TCP/IP, RFC, Wireless, VoIP, and Radio Frequency techniques.
Hardware & Firmware Modifier: He/She makes frequent changes to their electronic equipment, using canonical components or semi-cosmetic modifications.
Concept of Security Tech: Definition
Computer & Hardware
Operating System
Windows Series: 95, 98, NT, 2K, XP, 2K3, Vista
Linux Series: RedHat, Mandriva, Debian, Gentoo
Unix Series: Solaris, SGI, HPUX, AIX, Alpha
BSD Series: FreeBSD, NetBSD, OpenBSD
System Architecture
Big-Endian: Sun SPARC, IBM PowerPC
Little-Endian: IA 32/64, AMD 32/64
Bi-Endian (Hybrid): ARM, PowerPC (except PPC970/G5), SPARC V9, DEC Alpha, MIPS, PA-RISC, IA 64
Concept of Security Tech: Hardware
Big-Endian vs. Little-Endian
Concept of Security Tech: Endianness Representation Diagram
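The two byte orders named on this slide, shown as an added C example that is not part of the original slides: the same four bytes decoded as big-endian, as little-endian, and as the host CPU loads them. The function names and the 4-byte sample field are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 on a little-endian host, 0 on a big-endian host. */
int host_is_little_endian(void) {
    const uint32_t probe = 0x12345678u;
    unsigned char first;
    memcpy(&first, &probe, 1);      /* lowest-addressed byte of the value */
    return first == 0x78;
}

/* Decode 4 bytes as big-endian (network order), independent of the host. */
uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode 4 bytes as little-endian, independent of the host. */
uint32_t read_le32(const unsigned char *p) {
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/* Decode 4 bytes the way the host CPU does when it loads them directly. */
uint32_t read_native32(const unsigned char *p) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

int main(void) {
    /* Constructed sample: a 4-byte length field as it might sit in a packet. */
    const unsigned char field[4] = { 0x00, 0x00, 0x01, 0x00 };
    printf("host: %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("as big-endian:    %u\n", (unsigned)read_be32(field));
    printf("as little-endian: %u\n", (unsigned)read_le32(field));
    printf("native load:      %u\n", (unsigned)read_native32(field));
    return 0;
}
```

A parser that loads a length field natively instead of in the order the format defines reads 65536 where the sender meant 256 on a little-endian host, which is why the explicit decoders are the ones to use on untrusted input.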
Computer & Hardware
Stack Segment
Property: First In, Last Out (FILO).
Definition: Uses static memory, allocated via the program.
Instance: Value of a local variable, argument of a subroutine.
Implementation: Stack structure in data structures.
Characteristic: Automatically released via the compiler.
Concept of Security Tech: Memory Allocation (Stack vs. Heap)
Computer & Hardware
Heap Segment
Property: First In, First Out (FIFO).
Definition: Uses dynamic memory, allocated via the coder.
Instance: Address of a pointer, space of a dynamic allocation.
Implementation: Linked list, full binary tree in data structures.
Characteristic: Manually released via code or recycled via the OS.
Concept of Security Tech: Memory Allocation (Stack vs. Heap)
Programming Language
Client-Side (Local)
Definition: The script works by relying on the platform and host of the user's computer, and it is open to modification.
Instance: Ajax, CSS, HTML, XML, XHTML, JavaScript, VB Script, WSH, DOS Batch, Shell Script.
Server-Side (Remote)
Definition: The script runs under a daemon service and accepts requests from users.
Instance: ASPx, PHP, JSP, CGI, SQL, ActionScript, Cold Fusion, .Net, Web-Based Script.
Concept of Security Tech: Types Via Working Bench
Programming Language
High Level Languages
Instance: Common computer languages.
Note: HLA syntax is similar to human grammatical sentence patterns.
Low Level Languages
Instance: Assembly and machine code.
Note: LLA mnemonics fall into two divisions.
Prototype 1: Machine native code, constructed with 0 and 1 (0101 0011 1011 0100).
Prototype 2: Op-code + operand (MOV AH, 3FH), the notation of operating code from machine code.
Concept of Security Tech: Types Via Hierarchy
Programming Language
Concept of Security Tech: Corresponding to Assembly and Op-Code
Programming Language
Declared Languages
Alias: Imperative, Procedural
Instance: C/C++, Java, Basic, Pascal
Note: You tell the computer what to do, and it will interactively accomplish it.
Definitive Languages
Alias: Declared, Intelligent, AI
Instance: LISP, Prolog, Forth, Haskell, Scheme
Note: You tell the computer how to do it, and it will automatically accomplish it.
Functional Languages
Alias: Commercial, Specified
Instance: MATLAB, XSPICE, AutoLISP
Concept of Security Tech: Types Via Specialization
Programming Language
Concept of Security Tech: Fibonacci Recursive Subroutine in C Code
Programming Language
Concept of Security Tech: Fibonacci Code in Haskell Implementation
Programming Language
Compiled Languages
Instance: C/C++, Java, Visual Basic 5+, Delphi
Statement: Code is compiled first, then executed.
Interpreted Languages
Instance: Ruby, Perl, Python, Basic, Pascal
Statement: Compiled and executed simultaneously.
Assembly Languages
Instance: 80x86, MIPS, Sun SPARC, HP PA-RISC
CISC: Intel 80x86 / IA 32-64 / IBM PC
RISC: ARM, MIPS, Sun SPARC, HP PA-RISC
Concept of Security Tech: Types Via Characteristic
Programming Language
Concept of Security Tech: Compilation Procedure Diagram
Exploitation Techniques
Buffer Overflow
Definition: Usually the coder does not inspect the boundary, which results in the program writing past the size of the buffer.
Instance: Stack Overflow, Heap Overflow.
Format String
Definition: Usually occurs in the *printf() functions of the C language and results in arbitrary code execution.
Shellcode
Definition: A relocatable piece of machine code used as the payload in the exploitation of a software bug.
Concept of Security Tech: System & Application Vulnerability
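The boundary inspection and the constant format string that the two definitions above say are missing, as an added C example that is not part of the original slides. The function names, buffer sizes and inputs are constructed for illustration; the unsafe forms appear only in a comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe forms replaced below (kept as comments only):
 *   strcpy(dst, src);    copies without inspecting the size of dst
 *   printf(user_text);   treats user text as the format string      */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src would overrun dst (dst is left empty). */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t need;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    need = strlen(src) + 1;
    if (need > dst_size) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, need);
    return 0;
}

/* Format untrusted text as data: the format string is a constant and the
 * input is only an argument. Returns characters written, -1 if truncated. */
int format_untrusted(char *out, size_t out_size, const char *user_text) {
    int n = snprintf(out, out_size, "user said: %s", user_text);
    if (n < 0 || (size_t)n >= out_size) return -1;
    return n;
}

int main(void) {
    char on_stack[8];                 /* stack buffer */
    char *on_heap = malloc(8);        /* heap buffer */
    char line[64];
    if (on_heap == NULL) return 1;
    /* Constructed inputs: one fits in 8 bytes, one is a byte too long. */
    printf("stack, 7 chars: %d\n", copy_checked(on_stack, sizeof on_stack, "1234567"));
    printf("heap,  8 chars: %d\n", copy_checked(on_heap, 8, "12345678"));
    /* Constructed input containing conversion specifiers. */
    if (format_untrusted(line, sizeof line, "%x%x%n") > 0) puts(line);
    free(on_heap);
    return 0;
}
```

The same size check protects the stack buffer and the heap buffer, and the conversion specifiers in the last input are printed literally instead of being interpreted.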
Exploitation Techniques
Concept of Security Tech: Disassembly Function Screen
Exploitation Techniques
Concept of Security Tech: Hello World Shellcode Implementation
Exploitation Techniques
Packet Flooding/Smurfing
Ping of Death: A multitude of ICMP packets sent to a specified destination, but useless now because HIPS drops them.
DoS/DDoS: Using a large number of zombies, victims, and botnets that send requests to the destination synchronously.
SYN Flood: A form of DoS attack in which attackers send a succession of SYN requests to the target host.
MITM (Man In The Middle Attack)
MITM is an attack in which the attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised.
Concept of Security Tech: Network-Based Assaulting Methodology
Exploitation Techniques
Concept of Security Tech: Normal TCP Connection
Exploitation Techniques
Concept of Security Tech: SYN Flood Attacking
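How a defender tells the normal TCP connection from the succession of SYN requests, as an added C example that is not part of the original slides: it replays handshake events and counts, per source, the SYNs never completed by an ACK. The event model, addresses (documentation ranges), function names and threshold are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum tcp_event { EV_SYN, EV_ACK };  /* SYN received / final handshake ACK received */
struct event { const char *src; enum tcp_event type; };

/* Constructed sample: 192.0.2.10 completes two handshakes,
 * 198.51.100.7 sends five SYNs and never completes any of them. */
static const struct event SAMPLE[] = {
    {"192.0.2.10", EV_SYN},   {"192.0.2.10", EV_ACK},
    {"198.51.100.7", EV_SYN}, {"198.51.100.7", EV_SYN},
    {"198.51.100.7", EV_SYN}, {"192.0.2.10", EV_SYN},
    {"198.51.100.7", EV_SYN}, {"192.0.2.10", EV_ACK},
    {"198.51.100.7", EV_SYN},
};
#define SAMPLE_LEN ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

/* Half-open connections left by one source: SYNs not yet matched by an ACK. */
int half_open_for(const struct event *ev, int n, const char *src) {
    int i, open = 0;
    for (i = 0; i < n; i++) {
        if (strcmp(ev[i].src, src) != 0) continue;
        if (ev[i].type == EV_SYN) open++;
        else if (open > 0) open--;          /* stray ACKs never go negative */
    }
    return open;
}

/* Number of distinct sources whose half-open count exceeds `limit`. */
int count_suspects(const struct event *ev, int n, int limit) {
    int i, j, suspects = 0;
    for (i = 0; i < n; i++) {
        for (j = 0; j < i; j++)             /* skip sources already counted */
            if (strcmp(ev[j].src, ev[i].src) == 0) break;
        if (j == i && half_open_for(ev, n, ev[i].src) > limit) suspects++;
    }
    return suspects;
}

int main(void) {
    printf("192.0.2.10   half-open: %d\n", half_open_for(SAMPLE, SAMPLE_LEN, "192.0.2.10"));
    printf("198.51.100.7 half-open: %d\n", half_open_for(SAMPLE, SAMPLE_LEN, "198.51.100.7"));
    printf("sources over limit 3: %d\n", count_suspects(SAMPLE, SAMPLE_LEN, 3));
    return 0;
}
```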
Exploitation Techniques
Concept of Security Tech: MITM Attacking
Hacking: The Art of Exploitation, Jon Erickson
Hack Attacks Revealed, John Chirillo
C/C++ Primer, 5th, Stephen Prata
XFocus Team
Online Information From Google Search Engine
Wiki Encyclopaedia - http://en.wikipedia.org/
Hacker Concept
Operating System
Endianness Concept
Computer Languages
Stack and Heap Concept
Concept of Security Tech: Reference
Concept of Security Tech: Question Time
Thanks for paying attention during the class time! Please raise any doubt, argument, or question about this presentation.