|
|
|
Shmoocon 2016 - Exploiting Memory Corruption |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Shmoocon 2016 - Exploiting Memory Corruption Par SecurityTube.NetLe [2016-04-14] à 14:55:50
Présentation : The platforms powering the growth of the Internet-of-Things include tried-and-true embedded Real-Time Operating Systems RTOSes . These lean OSes are designed for performance and reliability, but they force application developers to use C and often lack the exploit mitigations implemented in consumer OSes. This unforgiving environment places the burden of security entirely on the programmer and makes the risk of memory corruption vulnerabilities on these increasingly ubiquitous systems very real. This talk will focus on FreeRTOS as an example of an RTOS that has seen widespread adoption by vendors and developers for the IoT. We will present security-relevant internals of the OS, put common memory corruption vulnerabilities in context, explain the steps an attacker can take to achieve reliable exploitation, and make recommendations that can help developers build more secure systems. This research is based on experience code reviewing, fuzzing, and developing attacks against both vendor SDKs and open-source libraries. Attendees will understand the risks facing users of this new class of devices. Pentesters will learn how to review applications built for this operating system and determine the impact of bugs they identify. Defensive security practitioners will get an inside look at attacks against software written for this platform. Joel works as an independent security researcher and has recently focused on security in embedded systems. He was previously a Senior Security Consultant for Matasano Security part of NCC Group . Before joining Matasano s consulting team, he worked in the Network Safety and Network Security groups at Akamai Technologies, where he helped build and maintain distributed systems for security monitoring and defense. Credit and thanks to Siavash of NCC Group for suggesting Real-time Operating Systems as a research area. Siavash s research interests include the security of embedded systems and software defined networks, machine learning, malware analysis and wireless sensor networks. For More Information Please Visit - http shmoocon.org
Les mots clés de la revue de presse pour cet article : shmoocon memory
Les videos sur SecuObs pour les mots clés : shmoocon memory
Les éléments de la revue Twitter pour les mots clé : shmoocon memory
Les derniers articles du site "SecurityTube.Net" :
- TROOPERSCON - Crypto code the 9 circles of testing
- TROOPERSCON - Towards a LangSec Aware SDLC
- TROOPERSCON - Deep dive into SAP archive file formats
- TROOPERSCON - Thanks SAP for the vulnerabilities. Exploiting the unexploitable
- TROOPERSCON - An easy way into your multi-million dollar SAP systems An unknown default SAP account
- TROOPERSCON - One Tool To Rule Them All
- TROOPERSCON - Mind The Gap - Exploit Free Whitelisting Evasion Tactics
- TROOPERSCON - The Chimaera Processor
- TROOPERSCON - Lets Play Hide and Seek in the Cloud
- TROOPERSCON - Planes, Trains and Automobiles The Internet of Deadly Things
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
