stack buffer overflows
play

Stack Buffer Overflows Deian Stefan Some slides adopted from Kirill - PowerPoint PPT Presentation

Sep 26, 2023 •230 likes •1.42k views

CSE 127: Computer Security Stack Buffer Overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage When is a program secure? When it does exactly what it should? Not more Not less But how do we know what

  1. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 %esp

  2. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 %esp

  3. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 %esp

  4. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 %esp

  5. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 $103 %esp

  6. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 $103 %esp

  7. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 $103 $293 %esp

  8. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %ebp $79 $91 $103 $293 %esp

  9. 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %esp, %ebp $79 $91 $103 $293

  10. %ebp 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 %esp $79 $91 $103 $293

  11. %esp, %ebp 0xffffd0d8 $99 $88 $77 0x08049bbc 0xffffd0d8 $79 $91 $103 $293 %eip = 0x08049bbc

  12. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp

  13. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp

  14. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp

  15. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp

  16. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp What happens if we read a long name?

  17. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp What happens if we read a long name?

  18. Example 1 argv argc #include <stdio.h> #include <string.h> saved ret int main( int argc, char **argv) { saved ebp char nice[] = "is nice."; %ebp char name[8]; nice[4-7] gets(name); printf("%s %s\n",name,nice); nice[0-3] return 0; name[4-7] } name[0-3] %esp If not null terminated can read more of the stack

  19. Let's run this program!

  20. Example 2 #include <stdio.h> #include <string.h> void foo() { printf("hello all!!\n"); exit(0); } void func( int a, int b, char *str) { int c = 0xdeadbeef; char buf[4]; strcpy(buf,str); } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  21. Example 2 #include <stdio.h> #include <string.h> void foo() { printf("hello all!!\n"); exit(0); } void func( int a, int b, char *str) { int c = 0xdeadbeef; char buf[4]; strcpy(buf,str); } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  22. Example 2 #include <stdio.h> argv[1] #include <string.h> 0xbbbbbbbb void foo() { printf("hello all!!\n"); 0xaaaaaaaa exit(0); } saved ret void func( int a, int b, char *str) { saved ebp int c = 0xdeadbeef; 0xdeadbeef char buf[4]; strcpy(buf,str); buf[0-3] } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  23. Example 2 #include <stdio.h> argv[1] #include <string.h> 0xbbbbbbbb void foo() { printf("hello all!!\n"); 0xaaaaaaaa exit(0); } saved ret void func( int a, int b, char *str) { saved ebp int c = 0xdeadbeef; %ebp 0xdeadbeef char buf[4]; strcpy(buf,str); buf[0-3] } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  24. Example 2 #include <stdio.h> argv[1] #include <string.h> 0xbbbbbbbb void foo() { printf("hello all!!\n"); 0xaaaaaaaa exit(0); } saved ret void func( int a, int b, char *str) { saved ebp int c = 0xdeadbeef; %ebp 0xdeadbeef char buf[4]; strcpy(buf,str); buf[0-3] } %esp int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  25. Example 2 #include <stdio.h> argv[1] #include <string.h> 0xbbbbbbbb void foo() { printf("hello all!!\n"); 0xaaaaaaaa exit(0); } saved ret void func( int a, int b, char *str) { saved ebp int c = 0xdeadbeef; %ebp 0xdeadbeef char buf[4]; strcpy(buf,str); buf[0-3] } %esp int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  26. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %ebp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } %esp int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } If first argument to program is “AAAAAAAA…”

  27. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %ebp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } %esp int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  28. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp, %ebp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  29. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141

  30. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141 %eip = 0x41414141

  31. Example 2 #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x41414141 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141 %eip = 0x41414141

  32. Stack Buffer Overflow • If source string of strcpy controlled by attacker (and destination is on the stack) ➤ Attacker gets to control where the function returns by overwriting the return address ➤ Attacker gets to transfer control to anywhere! • Where do you jump?

  33. Existing functions #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x08049b95 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %ebp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } %esp int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  34. Existing functions #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x08049b95 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp, %ebp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; }

  35. Existing functions #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x08049b95 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141

  36. Existing functions #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x08049b95 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141 %eip = 0x08049b95

  37. Existing functions #include <stdio.h> 0x41414141 #include <string.h> 0x41414141 void foo() { printf("hello all!!\n"); 0x41414141 exit(0); } 0x08049b95 void func( int a, int b, char *str) { 0x41414141 int c = 0xdeadbeef; %esp 0x41414141 char buf[4]; strcpy(buf,str); 0x41414141 } int main( int argc, char **argv) { func(0xaaaaaaaa,0xbbbbbbbb,argv[1]); return 0; } %ebp = 0x41414141 %eip = 0x08049b95

  38. Let’s look at this in GDB (w/ GEF)

  39. Better Hijacking Control argv[1] 0xbbbbbbbb • Jump to attacker-supplied code 0xaaaaaaaa • Where? We have control of saved ret saved ebp string! %ebp 0xdeadbeef ➤ Put code in string buf[0-3] %esp ➤ Jump to start of string

  40. Better Hijacking Control shellcode • Jump to attacker-supplied code • Where? We have control of hijacked ret string! %ebp ➤ Put code in string %esp ➤ Jump to start of string

  41. Shellcode • Shellcode: small code fragment that receives initial control in an control flow hijack exploit ➤ Control flow hijack: taking control of instruction ptr • Earliest attacks used shellcode to exec a shell ➤ Target a setuid root program, gives you root shell

  42. Shellcode void main() { char *name[2]; name[0] = "/bin/sh"; name[1] = NULL; execve(name[0], name, NULL); }

  43. Shellcode • Can we just take output from gcc/clang?

  44. 
 
 
 Shellcode • There are some restrictions ➤ 1. Shellcode cannot contain null characters ‘\0’ ➤ Why not? ➤ Fix: use different instructions and NOPs to eliminate \0 ➤ 2. If payload is via gets() must also avoid line-breaks 


  45. How do we make this robust? shellcode • 3. Exact address of shellcode &shellcode[0] start not always easy to guess %ebp ➤ Miss? SEGFAULT! • Fix: NOP-sled %esp

  46. How do we make this robust? shellcode • 3. Exact address of shellcode ~&shellcode[0] start not always easy to guess %ebp ➤ Miss? SEGFAULT! • Fix: NOP-sled %esp

  47. How do we make this robust? shellcode NOP-sled • 3. Exact address of shellcode ~&shellcode[0] start not always easy to guess %ebp ➤ Miss? SEGFAULT! • Fix: NOP-sled %esp

  48. Metasploit helps!

  49. Buffer Overflow Defenses • Avoid unsafe functions • Stack canary • Separate control stack • Address Space Layout Randomization (ASLR) • Memory writable or executable, not both (W^X) • Control flow integrity (CFI)

  50. Avoiding Unsafe Functions • strcpy, strcat, gets, etc. • Plus: Good idea in general • Minus: Requires manual code rewrite • Minus: Non-library functions may be vulnerable ➤ E.g. user creates their own strcpy • Minus: No guarantee you found everything • Minus: alternatives are also error-prone

  51. Even printf is tricky If buf is under control of attacker 
 is: printf(“%s\n”, buf) safe?

Recommend

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit by Aleph One Summer 2017 Roadmap 1 Process Memory Organization Text Fixed by program Includes code and read-only data

257 views • 22 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica

528 views • 35 slides
Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM x86-64 Linux Memory Layout ... ... 0x00007fffffffffff Stack not drawn to scale Caller Frame Extra Arguments

325 views • 16 slides
ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To

ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To

ECS 153 Discussion Section April 6, 2015 1 What Well Cover Goal : To discuss buffer overflows in detail Stack-based buffer overflows Smashing the stack: execution from the stack

620 views • 37 slides
Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program Exploitation Buffer Overflows Memory Declaration Smashing The Stack TCP/IP Three Way Handshake Denial of Service SYN Flooding

403 views • 13 slides
Buffer overflows (a security interlude) IA32 Linux Memory Layout ...

Buffer overflows (a security interlude) IA32 Linux Memory Layout ...

11/20/15 Buffer overflows (a security interlude) IA32 Linux Memory Layout ... FF ... How address space layout, the stack discipline, and C's lack of Stack

726 views • 4 slides
Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage

Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage

CSE 127: Computer Security Stack buffer overflows Deian Stefan Some slides adopted from Kirill Levchenko and Stefan Savage When is a program secure? Formal approach: When it does exactly what it should Not more Not less But how

1.5k views • 92 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

199 views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows

CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows

Reading Companion CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows 3.7, 3.12 Introduction to Computer Systems Unit 1e Procedures and the Stack 1 2 Local Variables of a Procedure

248 views • 7 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows Buffer overflows are the source of many of the common vulnerabilities in modern software Caused by not checking the source length when writing to a

1.88k views • 130 slides
CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows II TA: Viktor Farkas vfarkas@cs Original slides by Franzi Lab 1 Deadline Reminders Lab

373 views • 11 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

Where in the stack is security? Attacks can be targeted at any layer of the 16: protocol stack Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows?

1.15k views • 9 slides
CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use large strings (or other datatypes) to overflow a buffer Craft input to make the server do whatever you want Easy to crash a program Harder

256 views • 11 slides
CSE 351 Section 5 More Stack Stuff (selected slides by Tom Bergan) Written HW #2 Due

CSE 351 Section 5 More Stack Stuff (selected slides by Tom Bergan) Written HW #2 Due

CSE 351 Section 5 More Stack Stuff (selected slides by Tom Bergan) Written HW #2 Due tomorrow at 5PM Try not to use late days on the written assignments, save them for the labs Questions? Stack review Lab 3 - Buffer Overflows

575 views • 31 slides
Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer Science Rutgers University http://www.cs.rutgers.edu/~vinodg/416 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red,

950 views • 55 slides
Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs reversed rj.rodriguez@unileon.es @RicardoJRdez www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of

825 views • 50 slides
Computer Security Sec4on Week 2: Buffer Overflows TA:

Computer Security Sec4on Week 2: Buffer Overflows TA:

CSE 484 / CSE M 584 Computer Security Sec4on Week 2: Buffer Overflows TA: Thomas Crosley tcrosley@cs Thanks to Franzi Roesner, Adrian

502 views • 14 slides

More recommend