Control-Flow Attacks

Topics and Goals

  • Basics of buffer overflow attacks
    • Identify and exploit a basic buffer overflow
  • Format String Attacks
    • Identify and exploit format-string vulnerabilities

Buffer Overflows

  • What is a control-flow hijack?
  • What enables buffer overflows?
  • What can they accomplish?
  • How does a basic buffer overflow work?
  • What makes buffer overflows more challenging in practice?
    • How can an attacker overcome these challenges?

Format String Attacks

  • How do variadic functions work?
  • Which format specifiers can be abused in an attack?
  • How can we use a format-string vulnerability to:
    • View a specific memory address?
      • Why is this useful?
    • Write to a specific memory address?
      • Why is this useful?
    • Write a specific value to a specific memory address?