Raw Notes ~ Lecture 7.1
Heap
· Used when the space you need is not known until runtime. It is less controlled and requires the user to free() the memory
Format Strings
· "%n" means write to memory
· "%x" means print out the next byte and output it as hexadecimal. It can print out the function innards of previously used functions.
Bug Bounties
· Finding a bug in a program and informing the company using a report. Monetary rewards are often given out.
· Relies on following the scope, which details the elements of the program that can be touched and tampered with
Process
1. Find target via recon
2. Hit target and find vulnerability
3. Write a report
4. Submit report to company
Fuzzing
· Provide program with continuous input and monitor output and anomalies
· Mutation-based: user provides sample input and fuzzer mutates the input
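A small mutation-based fuzzer showing both points above, as an added example that is not part of the original notes. The toy parser, its length-prefixed format, the seed and all function names are constructed for illustration; the mutations are deterministic (walking bit flips plus boundary byte values) so the run is reproducible.

```python
# Constructed sample input: two <len><payload> fields, "abc" and "hi".
SEED = bytes([3]) + b"abc" + bytes([2]) + b"hi"

def parse_records(data):
    """Toy target. Intentional bug: trusts the length byte without a bounds check."""
    fields, i = [], 0
    while i < len(data):
        n = data[i]
        # Reads n payload bytes one by one; raises IndexError past the end.
        fields.append(bytes(data[i + 1 + k] for k in range(n)))
        i += 1 + n
    return fields

def parse_records_fixed(data):
    """Same parser with the length validated; bad input is rejected cleanly."""
    fields, i = [], 0
    while i < len(data):
        n = data[i]
        if i + 1 + n > len(data):
            raise ValueError("field length exceeds input")
        fields.append(data[i + 1:i + 1 + n])
        i += 1 + n
    return fields

def mutate(seed):
    """Yield mutants of the sample input: every single-bit flip, then
    boundary values (0x00, 0x7F, 0x80, 0xFF) written at every position."""
    for pos in range(len(seed)):
        for change in [("xor", 1 << b) for b in range(8)] + \
                      [("set", v) for v in (0x00, 0x7F, 0x80, 0xFF)]:
            m = bytearray(seed)
            m[pos] = m[pos] ^ change[1] if change[0] == "xor" else change[1]
            yield bytes(m)

def fuzz(target, seed):
    """Feed every mutant to target and record anomalies (unexpected exceptions).
    ValueError counts as a clean rejection, not an anomaly."""
    findings = []
    for mutant in mutate(seed):
        try:
            target(mutant)
        except ValueError:
            continue
        except Exception as exc:
            findings.append((mutant, type(exc).__name__))
    return findings

if __name__ == "__main__":
    for mutant, error in fuzz(parse_records, SEED)[:5]:
        print(error, mutant.hex())
    print("fixed parser anomalies:", len(fuzz(parse_records_fixed, SEED)))
```
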
Pen Testing
Repercussions if not completed:
· Data breach
· Ransomware
Importance:
· Discover vulnerabilities in system before attacks occur
· Helps test security elements
Process
1. Recon
2. Planning exploitation
3. Exploitation
4. Post exploitation: establish persistence
Tools
· Kali
· NMAP
· BURP
















