Quiz 1 notes

School: New York University
Course: MISC
Subject: Computer Science
Date: Apr 3, 2024
Type: pdf
Pages: 33
Uploaded by DrOryxPerson763

Quiz 1
Time Limit: 1:30:00
Purnachander Nunemunthala: Attempt 1

Question 1 (6.25 points)
Which countermeasures did we disable in Lab 1/Part 1 to facilitate the buffer overflow attack?
[ ] Stack Protection <--
[ ] ASLR
[ ] RELRO
[ ] Fortify Source

True

Question 2 (6.25 points)
The EIP/RIP (Program Counter) register stores the address of the next instruction to be executed by the CPU.
( ) True
¢ False
Question 3 (6.25 points) Saved
If nyuappsec can exploit a SetUID program owned by root and execute a shell without calling setuid(0) in the shellcode, ...
nyuappsec can obtain a root shell in dash.
( ) the SetUID will prevent nyuappsec from obtaining a shell.
( ) nyuappsec can obtain a root shell in zsh.
root will be forced into an unprivileged shell in zsh.

Question 4 (6.25 points)
From lab 1/Part 1, what was the major obstacle described when transitioning from your 32-bit attack to your 64-bit attack?
0x90 bytes.
( ) The offset.
( ) Shellcode instructions.
(J 0x00 bytes. @

Shellcode
Question 5 (6.25 points) Saved
The RBP/RSP register stores the address of the next instruction to be executed by the CPU.
( ) True
(x) False

Question 6 (6.25 points) Saved
Which of the following could be the output of this program on a 64-bit Linux system?
    int main() {
        int var = 97;
        printf("AS:%d-7\n", var);
    }
(x) AS:97-7
( ) AS97-7
( ) AS90
( ) AS:90
Question 7 (6.25 points) Saved
Performed in Lab 1, what did the following command do?
    sudo /sbin/sysctl -w kernel.randomize_va_space=?
( ) Disabled ASLR
(x) Enabled ASLR
( ) Disabled Virtual Address Space
( ) Enabled Virtual Address Space

Question 9 (6.25 points) Saved
What is true regarding static analysis tools and techniques?
( ) They are for detecting memory leaks.
( ) They require exercising of the application and interaction with the program features.
(x) They are ideal for drawing conclusions about a program without executing it.
( ) They are ideal for determining code coverage for a given input.
Question 10 (6.25 points) Saved
Memory safety-related bugs include all of the following, except...
( ) buffer overflow
( ) format string
(x) use-before free (UBF)
( ) double-free

Question 11 (6.25 points) Saved
8 bits can be used to represent values up to
( ) 1024K
(x) 256
( ) 64K
( ) 2048
Quiz Submissions - Quiz 1
Purnachander Nunemunthala (username: pn2120)
Attempt 1
Written: Oct 9, 2022 8:06 PM - Oct 9, 2022 8:55 PM
Submission View
Your quiz has been submitted successfully.

Question 1 (3.125 / 6.25 points)
Which countermeasures did we disable in Lab 1/Part 1 to facilitate the buffer overflow attack?
= . Stack Protection
= % ASLR
« RELRO
v Fortify Source

Question 4 (0 / 6.25 points)
From lab 1/Part 1, what was the major obstacle described when transitioning from your 32-bit attack to your 64-bit attack?
0x90 bytes.
The offset.
% » Shellcode instructions.
w 0x00 bytes.

Question 8 (0 / 6.25 points)
For the buffer overflow exploitation in Lab 1, the offset variable configured in exploit.py is

Question 12 (6.25 points) - Saved
Address Space Layout Randomization (ASLR) protects applications by preventing buffers from overflowing
(x) True
( ) False
Question 13 (6.25 points) Saved
Peach Fuzzer is...
(x) a smart fuzzer.
( ) is not a security-related tool.
( ) a dumb fuzzer.
( ) also known as Zzuf.

Question 6 (6.25 points) Saved
What is true regarding static analysis tools and techniques?
( ) They are for detecting memory leaks.
( ) They are ideal for determining code coverage for a given input.
(x) They are ideal for drawing conclusions about a program without executing it.
( ) They require exercising of the application and interaction with the program features.
Question 14 (6.25 points) Saved
Git is a...
(x) distributed version control system.
( ) decentralized version control system.
( ) distributed software package management system.
( ) decentralized software package management system.

Question 15 (6.25 points) Saved
__________ control is a category of processes and tools designed to keep track of multiple different versions of software, content, documents, websites and other information in development.
( ) Source
( ) Stack
( ) Git
(x) Version
Question 16 (6.25 points) Saved
If you want to find a format string vulnerability in a very big project, fuzzing is a better technique than static analysis.
(x) True
( ) False

    content[offset:offset + L] = (ret).to_bytes(L, byteorder='little')
    with open('badfile', 'wb') as f:
        f.write(content)
The number of bytes between EIP and EBP.
= The number of bytes between the vulnerable buffer and the return address stored in the stack frame.
% « The number of bytes between the vulnerable buffer and EBP.
EBP + 112

Question 12 (0 / 6.25 points)
Address Space Layout Randomization (ASLR) protects applications by preventing buffers from overflowing
x * True
- False

Question 16 (0 / 6.25 points)
If you want to find a format string vulnerability in a very big project, fuzzing is a better technique than static analysis.
x * True
- False

Attempt Score: 71.88 / 100 - C-
Overall Grade (highest attempt): 71.88 / 100 - C-
Quiz 1
Time Limit: 1:30:00
Nikita Bhargava: Attempt 1

Question 1 (6.25 points) Saved
Which is not a version control system?
(x) MakeKeeper
( ) Concurrent Version System
( ) Bazaar

Question 2 (6.25 points) Saved
In Return-Oriented Programming (ROP), malicious control of the program is obtained by overwriting the return address on the stack.
(x) True
( ) False
Question 3 (6.25 points) Saved
Which is not a benefit of CI/CD automation?
( ) Faster and Easier Testing
( ) Increased Code Coverage
( ) Scalability
(x) Compacted Information (CI)

Question 4 (6.25 points) Saved
Place the build steps that a compiler takes to compile C code in order
(4 o ' Locator
- Preprocessing
(3 o Compiling
-4 « | Linker
Question 5 (6.25 points) Saved
Code coverage is the percentage of code which is covered by automated tests
9 True
( ) False

Question 7 (6.25 points) Saved
The two major types of fuzzers include...
dumb
[ ] dynamic
f_‘| static
[v] smart
Question 8 (6.25 points) Saved
Which of the following commands will upload your local repository contents to a remote repository, using Git?
( ) git clone -u origin main
( ) git pull -u origin main
( ) git add -u origin main
(x) git push -u origin main

Question 9 (6.25 points) Saved
What is 0x90?
( ) An assembly language mnemonic that represents 'no operation.'
( ) The decimal value, 90, converted to hexadecimal format.
( ) A CPU opcode that represents 'execute shellcode.'
(x) A CPU opcode instruction that represents 'no operation.'
Question 10 (6.25 points) Saved
What is this?
    const char var[] = "Ax31\xc@\ x50 \x68 \x2f \x 21\ x73\x68\x68 \x2f" "\x62\x69 \x6e \x89 \xe3\x50\x53 \x89 \xel1\x31" "\xd2\x31\xc8\xba\x80 \xcd\x80";
( ) SetUID Syscall
( ) Assembly Code
( ) Source Code
3. Shell Code

Question 11 (6.25 points) Saved
Netcat (nc) can be used to read and write data across a network connection
True
( ) False
Question 12 (6.25 points) Saved
What countermeasure, specific to the dash shell, did we have to defeat to obtain a root shell during buffer overflow exploitation in Lab 1 Part 1?
( ) Stack Protection (Canaries)
(x) Address Space Layout Randomization
( ) EUID vs UID Privilege Comparison <--
( ) No eXecution (NX) Bit

Question 13 (6.25 points) Saved
chmod 4755 a.out command turns on the SetUID bit. How does configuring the SetUID bit on a file change its execution?
( ) It will be executed as root.
It will be executed as the user that owns the file.
( ) It will be executed as zsh or dash, depending on the shell.
( ) It will be executed as the group that owns the file.
Question 14 (6.25 points) Saved
What does %n represent, as a printf specifier?
( ) The modulus of a number
( ) A string
:f_') A series of NOP (No-Operation) instructions, or a nopsled
:fé) The number of characters written

Question 16 (6.25 points) Saved
A function's stack frame on a 64-bit system is generally between which two pointer locations?
( ) RIP and RBP
(x) RBP and RSP
( ) RIP and HEAP
( ) RIP and RSP
Nikita Bhargava (username: npoLsv)
Attempt 1
Written: Oct 9, 2022 8:59 PM - Oct 9, 2022 9:41 PM
Submission View
Your quiz has been submitted successfully.

Question 2 (0 / 6.25 points)
In Return-Oriented Programming (ROP), malicious control of the program is obtained by overwriting the return address on the stack.
) (x) True
= False

Question 4 (0 / 6.25 points)
Place the build steps that a compiler takes to compile C code in order
% _1_ (4) Locator
x _2_ (1) Preprocessing
® _3_ (2) Compiling
®x _4_ (3) Linker

Question 12 (0 / 6.25 points)
What countermeasure, specific to the dash shell, did we have to defeat to obtain a root shell during buffer overflow exploitation in Lab 1 Part 1?
Stack Protection (Canaries)
% (x) Address Space Layout Randomization
- EUID vs UID Privilege Comparison

Question 1 (6.25 points) Saved
Which of the following commands is suitable to send the contents of file.txt to a server with IP 10.9.9.10 that is listening on TCP/8080?
(x) nc 10.9.9.10 8080 > cat file.txt
( ) cat file.txt > nc 10.9.9.10 8080
( ) cat file.txt | nc 10.9.9.10 8080
( ) nc 10.9.9.10 8080 | cat file.txt
Question 5 (6.25 points) Saved
What countermeasure, specific to the dash shell, did we have to defeat to obtain a root shell during buffer overflow exploitation in Lab 1 Part 1?
( ) Stack Protection (Canaries)
( ) Address Space Layout Randomization
(x) EUID vs UID Privilege Comparison
( ) No eXecution (NX) Bit

Question 6 (6.25 points) Saved
The EIP/RIP (Program Counter) register stores the address of the next instruction to be executed by the CPU.
(x) True
( ) False
Question 7 (6.25 points) Saved
Netcat (nc) can be used to read and write data across a network connection.
(x) True
( ) False

Question 9 (6.25 points) - Saved
16 bits can be used to represent values up to
( ) 1024K
( ) 2048
( ) 256
(x) 64K
Question 13 (6.25 points) Saved
StackGuard is a memory protection mechanism based on canaries.
(x) True
( ) False

Question 14 (6.25 points) Saved
__________ is a defense against heap spraying attacks.
( ) Address Sanitizer
(x) Heap Canary
( ) Heap Token
( ) Use-After-Free (UAF)
Question 15 (6.25 points) Saved
If you want to find a format string vulnerability in a very big project, fuzzing is a better technique than static analysis.
( ) True
(x) False

Jay Amin (username: ja4298)
Attempt 1
Written: Oct 9, 2022 9:43 PM - Oct 9, 2022 10:01 PM
Submission View
Your quiz has been submitted successfully.

Question 1 (0 / 6.25 points)
Which of the following commands is suitable to send the contents of file.txt to a server with IP 10.9.9.10 that is listening on TCP/8080?
% (x) nc 10.9.9.10 8080 > cat file.txt
cat file.txt > nc 10.9.9.10 8080
= cat file.txt | nc 10.9.9.10 8080
nc 10.9.9.10 8080 | cat file.txt

Question 2 (0 / 6.25 points)
Which countermeasures did we disable in Lab 1/Part 1 to facilitate the buffer overflow attack?
= .~ Stack Protection
% | RELRO
% || Fortify Source
= % | ASLR

Question 14 (0 / 6.25 points)
__________ is a defense against heap spraying attacks.
= Address Sanitizer
% (x) Heap Canary
Heap Token
Use-After-Free (UAF)
VCS
* Multiple people working on the same code at the same time
* How can we:
  - Keep the code synced
  - Undo problematic code
  - Work on different features concurrently
* Basic unit: commit
* Features can be developed simultaneously on branches
  - Norm: one branch per new feature
* Commits and branches are synchronized with the remote repositories via:
  - push
  - pull
Branches
* Separate version of the repository
  - Usually for developing a new feature
* Allows for development of multiple features without overwriting other's code
* Reviewed after completion of feature
* Merge into main

Types of Testing
* Dynamic
  - Interacting with the compiled program
* Static
  - Interacting with source code
  - Not running the program
Fuzzing
* Dynamic Testing
* Two types
  - Mutation Based / Dumb
  - Generation Based / Smart
* Recommendation:
  - AFL
  - Peach

Fuzzing
* Normally black box
* Can be white box
  - Infer protocol from program execution
* Or gray box
  - Evolutionary fuzzing
Fuzzing
* Supplement writing tests
  - STILL NEED TESTS!
* Helps with finding test cases a programmer may not think about
* Smart fuzzing can be labor intensive

Static Analysis
* White box
  - Requires some form of code
* Complete Code Coverage
* False Positives
* Slow
Concolic Testing
* Hybrid method
* Use Symbolic execution + constraint solver
* Generates inputs for dynamic testing
* Paths with different constraints are "more interesting to be fuzzed"

Symbolic Execution
* White box
* Label paths with constraints that describe how to get there
* Based on things like SAT solvers
* Fewer false positives
* Only things internal to the
Linting
* Fix things like style, etc.
* Finds simple bugs
* Free up developer time

Code Reviews
* Most effective
* Structured vs Unstructured
* Reduces error rate by more than 80%
Code Reviews
* Different between orgs
* Meant to be dialogue
* Help new developers

Code Reviews
* Code analysis
* Suggestions for improvement
* Changes implemented
Code Review Tips
* Simple workflow
* Review in iterations
* Average of two reviewers
* Review often

Testing Libraries
Attacks
* Stack Based
  - Buffer Overflow
  - Integer Overflow
  - Format Strings...
* Heap Based
  - Heap Spraying
  - Use After Free
  - Double Free...
[Figure: memory layout with regions labeled Stack, Heap, Data, Code]

Buffer Overflow
* Have a static size buffer
* Input is user controlled
  - Not validated
  - User enters more than the buffer can take
* Can cause arbitrary code execution
  - Overwrite return address
  - Privilege Escalate
  - More

    #include <string.h>

    int main(int argc, char **argv) {
        char buf[128];
        strcpy(buf, argv[1]);  /* no length check: input longer than buf overflows it */
        return 0;
    }
Buffer Overflow
[Figure: stack layout with labels: argument: str; return address; stack frame pointer; char buf[128]; *str]

NOP Slide
* How do we trigger the code we want?
  - Need to jump to code in memory
* Attach NOPs to the shell code to make it a larger target.
Buffer Overflow
* Stack Canary
* ASLR
* Bounds checking

    strncpy(buf, argv[1], sizeof(buf) - 1);  /* leave room for the terminator */
    buf[sizeof(buf) - 1] = '\0';             /* strncpy does not add one on truncation */

Integer Overflow
* Problems with Bounds Checking
* Check size of string
  - PCs have a largest integer
* What if bounds check overflows?
  - Buffer Overflow succeeds
Heap Spray
* With NOP slides it's still a small chance
* Spray a ton of shell code
* Point to a random address
* More memory to spray, higher chance of succeeding!

Defenses
* Detection
* Mitigation
* Avoiding the bugs that cause it
  - Tools like Valgrind