Computer Systems

Attacks

Software Exploits

Table of Contents

Buffer Overflow Attacks

C/C++ is used for most systems programs and operating systems, but the compilers don’t check array bounds.

buffer-overflow

Data execution prevention

Code Reuse Attack

Non-control flow diverting attacks

Format-string attacks

int main(int argc, char **argv) {
    int i = 0;
    printf("Hello %nworld\n", &i);
    printf("i=%d\n", i);
}
// outputs:
// Hello World!
// 6

Dangling Pointers

Null Pointer Dereference Attacks

Integer Overflow Attacks

Command Injection Attack

printf("enter destination: ");
gets(dst);
strcat(cmd, dst);
system(cmd);

Time of Check to Time of Use

int fd;
if (access("./my_document", W_OK) != 0) {
    exit(1);
}

fd = open("./my_document", O_WRONLY);
write(fd, user_input, sizeof(user_input));

Insider Attacks

Logic Bomb

Back Door

Login spoofing

Malware

Viruses

Companion virus

Executable Program Virus

parasitic-virus

Memory Resident Virus

Boot sector viruses

Device Driver viruses

Macro Viruses

Source code viruses

#include <virus.h>

run_virus()

Spyware

Rootkit

rootkit


Edit this page.