[OWASP-Bangalore] More Info related to Bufferoverflow
rajivvishwa at gmail.com
Sun Jan 11 02:00:30 EST 2009
It was a wonderful discussion on BoF we had today.
I just wanted to share few links to gives more insight on the BoF
Smashing The Stack For Fun And Profit<http://insecure.org/stf/smashstack.html>:
This is one good article which details about 'smashing the stack' process
with examples and other illustrations. Try this if you are keen in
understanding it thoroughly.
> `smash the stack` [C programming] n. On many C implementations
> it is possible to corrupt the execution stack by writing past
> the end of an array declared auto in a routine. Code that does
> this is said to smash the stack, and can cause return from the
> routine to jump to a random address. This can produce some of
> the most insidious data-dependent bugs known to mankind.
> Variants include trash the stack, scribble the stack, mangle
> the stack; the term mung the stack is not used, as this is
> never done intentionally [Read More...<http://insecure.org/stf/smashstack.html>
Common Vulnerabilities and Exposures (CVE) <http://cve.mitre.org>
Vikas had mentioned about the CVE database, just thought of sharing the link
CVE(R) International in scope and free for public use, CVE is a dictionary of
> publicly known information security vulnerabilities and exposures.
> CVE's common identifiers enable data exchange between security products and
> provide a baseline index point for evaluating coverage of tools and
This is one tool which can be used to perform run time overflows and
assembly level manipulations which I had mentioned. This tool can be
downloaded for free. *Note: Dont mess your executables with Ollydbg unless
you know what you are doing.* Next session we will have demo with this tool.
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft(R)
> Windows(R). Emphasis on binary code analysis makes it particularly useful in
> cases where source is unavailable
*Timestamp: Sun, 11 Jan 2009 12:23:24**
Follow me in Twitter <http://twitter.com/rajivvishwa>
On Sat, Jan 10, 2009 at 10:30 PM,
<owasp-bangalore-request at lists.owasp.org>wrote:
> Send OWASP-Bangalore mailing list submissions to
> owasp-bangalore at lists.owasp.org
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> owasp-bangalore-request at lists.owasp.org
> You can reach the person managing the list at
> owasp-bangalore-owner at lists.owasp.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Bangalore digest..."
> Today's Topics:
> 1. Gentle Remainder : Jan Meet on 11th @ ICH (Sundar N)
> Message: 1
> Date: Sat, 10 Jan 2009 10:48:58 +0530
> From: "Sundar N" <suntracks at gmail.com>
> Subject: [OWASP-Bangalore] Gentle Remainder : Jan Meet on 11th @ ICH
> To: owasp-bangalore at lists.owasp.org
> <c1e982c50901092118p73720afbtcebc558ab4cf1a25 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> Hello Everyone,
> It is Scheduled on Jan 11th @ 9.00 AM, India Coffee house, 1st Floor, MG
> Also a session on 'Buffer Overflow' by Sumit.
> Looking Forward to meet you all there.
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> End of OWASP-Bangalore Digest, Vol 14, Issue 5
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Bangalore