[OWASP-Bangalore] More Info related to Bufferoverflow

Rajiv Vishwa rajivvishwa at gmail.com
Sun Jan 11 02:00:30 EST 2009

Hi Guys,

It was a wonderful discussion on BoF we had today.

I just wanted to share few links to gives more insight on the BoF

Smashing The Stack For Fun And Profit<http://insecure.org/stf/smashstack.html>:
URL: http://insecure.org/stf/smashstack.html

This is one good article which details about 'smashing the stack' process
with examples and other illustrations. Try this if you are keen in
understanding it thoroughly.

> `smash the stack` [C programming] n. On many C implementations
> it is possible to corrupt the execution stack by writing past
> the end of an array declared auto in a routine.  Code that does
> this is said to smash the stack, and can cause return from the
> routine to jump to a random address.  This can produce some of
> the most insidious data-dependent bugs known to mankind.
> Variants include trash the stack, scribble the stack, mangle
> the stack; the term mung the stack is not used, as this is
> never done intentionally  [Read More...<http://insecure.org/stf/smashstack.html>
> ]

Common Vulnerabilities and Exposures (CVE) <http://cve.mitre.org>
URL: http://cve.mitre.org

Vikas had mentioned about the CVE database, just thought of sharing the link

CVE(R) International in scope and free for public use, CVE is a dictionary of
> publicly known information security vulnerabilities and exposures.
> CVE's common identifiers enable data exchange between security products and
> provide a baseline index point for evaluating coverage of tools and
> services.

OllyDbg <http://www.ollydbg.de/>
URL: http://www.ollydbg.de/

This is one tool which can be used to perform run time overflows and
assembly level manipulations which I had mentioned. This tool can be
downloaded for free. *Note: Dont mess your executables with Ollydbg unless
you know what you are doing.* Next session we will have demo with this tool.

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft(R)
> Windows(R). Emphasis on binary code analysis makes it particularly useful in
> cases where source is unavailable

*Timestamp: Sun, 11 Jan 2009 12:23:24**

Follow me in Twitter <http://twitter.com/rajivvishwa>

On Sat, Jan 10, 2009 at 10:30 PM,
<owasp-bangalore-request at lists.owasp.org>wrote:

> Send OWASP-Bangalore mailing list submissions to
>        owasp-bangalore at lists.owasp.org
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> or, via email, send a message with subject or body 'help' to
>        owasp-bangalore-request at lists.owasp.org
> You can reach the person managing the list at
>        owasp-bangalore-owner at lists.owasp.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Bangalore digest..."
> Today's Topics:
>   1. Gentle Remainder : Jan Meet on 11th @ ICH (Sundar N)
> ----------------------------------------------------------------------
> Message: 1
> Date: Sat, 10 Jan 2009 10:48:58 +0530
> From: "Sundar N" <suntracks at gmail.com>
> Subject: [OWASP-Bangalore] Gentle Remainder : Jan Meet on 11th @ ICH
> To: owasp-bangalore at lists.owasp.org
> Message-ID:
>        <c1e982c50901092118p73720afbtcebc558ab4cf1a25 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> Hello Everyone,
> It is Scheduled on Jan 11th @ 9.00 AM, India Coffee house, 1st Floor, MG
> Road.
> Also a session on 'Buffer Overflow' by Sumit.
> Looking Forward to meet you all there.
> Sundar.
> ------------------------------
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> End of OWASP-Bangalore Digest, Vol 14, Issue 5
> **********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090111/f3207526/attachment.html 

More information about the OWASP-Bangalore mailing list