Advanced Buffer Overflow Techniques presented at BlackHatAsia 2000

by Greg Hoglund,

Summary : This is a technical talk aimed at people who have already been exposed to buffer overflows and want to learn more. The talk assumes the audience has at least some knowledge of CPU's and Processes. For those of you who already understand buffer overflows, this talk will be a refreshing discourse on technique. We will show how the injection method can be decoupled from the payload. We then explore the details and challenges of injecting code into a remote process. We will also explore the payload, the encoding methods, and how to dynamically load new functions. Lastly, we discuss the possible effects of a payload, including network worms, virus, and rootkits.