Artwork

İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

Yuji Ukai: Environment Dependencies in Windows Exploitation(Japanese)

41:58
 
Paylaş
 

Manage episode 155121172 series 1146743
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
"In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation an important factor for those attempting to exploit a vulnerability'especially so for worm and virus writers'so therefore it is also an important consideration for the threat analysis of security vulnerabilities. In Japan, some public institutions and non-governmental enterprises are providing detailed information and threat analyses of vulnerabilities, exploits, and worms. Because the majority of the systems in Japan run the Japanese version of Windows, the analysis and consideration of language-specific dependencies are very important factors for both the providers and consumers of such information in Japan, especially in case of the worms. Since one of highest priorities of a worm is to propagate as far as possible, some recent worms have employed techniques that avoid language and version dependencies, such as choosing return addresses that can be used across multiple language versions of Windows. In this presentation, the discussion of detailed and practical techniques to achieve environment independence will be avoided, but, at least understanding the technical overview and potentiality of these techniques is important for both providing proper threat analyses, and understanding them in depth. In Black Hat USA 2004, as part of our threat analysis research, we discussed return address discovery using context-aware machine code emulation'namely, our EEREAP project' which is intended to help prove whether universal return addresses exist. In Black Hat Japan 2004, we will expand on this presentation, and we will both explore the risk factors that aid in the avoidance of language and version dependencies, and show how to mitigate these risks. Yuji Ukai is a researcher and senior software engineer with eEye Digital Security. After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at an appliance vendor in Japan where he developed embedded operating systems. Over the last several years he has discovered several important security holes affecting various software products (Workstation Service and LSASS for Windows, etc) as well as pioneered new trends in wireless security technologies."
  continue reading

22 bölüm

Artwork
iconPaylaş
 
Manage episode 155121172 series 1146743
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
"In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation an important factor for those attempting to exploit a vulnerability'especially so for worm and virus writers'so therefore it is also an important consideration for the threat analysis of security vulnerabilities. In Japan, some public institutions and non-governmental enterprises are providing detailed information and threat analyses of vulnerabilities, exploits, and worms. Because the majority of the systems in Japan run the Japanese version of Windows, the analysis and consideration of language-specific dependencies are very important factors for both the providers and consumers of such information in Japan, especially in case of the worms. Since one of highest priorities of a worm is to propagate as far as possible, some recent worms have employed techniques that avoid language and version dependencies, such as choosing return addresses that can be used across multiple language versions of Windows. In this presentation, the discussion of detailed and practical techniques to achieve environment independence will be avoided, but, at least understanding the technical overview and potentiality of these techniques is important for both providing proper threat analyses, and understanding them in depth. In Black Hat USA 2004, as part of our threat analysis research, we discussed return address discovery using context-aware machine code emulation'namely, our EEREAP project' which is intended to help prove whether universal return addresses exist. In Black Hat Japan 2004, we will expand on this presentation, and we will both explore the risk factors that aid in the avoidance of language and version dependencies, and show how to mitigate these risks. Yuji Ukai is a researcher and senior software engineer with eEye Digital Security. After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at an appliance vendor in Japan where he developed embedded operating systems. Over the last several years he has discovered several important security holes affecting various software products (Workstation Service and LSASS for Windows, etc) as well as pioneered new trends in wireless security technologies."
  continue reading

22 bölüm

Tüm bölümler

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi