Yuji Ukai: Environment Dependencies In Windows Exploitation(Japanese) Black Hat Briefings, Japan 2004 [Audio] Presentations From The Security Conference podcast

Black Hat and Jeff Moss에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Black Hat and Jeff Moss 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference
Yuji Ukai: Environment Dependencies in Windows Exploitation(Japanese)

18y ago 41:58

MP3•에피소드 홈

"In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation an important factor for those attempting to exploit a vulnerability'especially so for worm and virus writers'so therefore it is also an important consideration for the threat analysis of security vulnerabilities. In Japan, some public institutions and non-governmental enterprises are providing detailed information and threat analyses of vulnerabilities, exploits, and worms. Because the majority of the systems in Japan run the Japanese version of Windows, the analysis and consideration of language-specific dependencies are very important factors for both the providers and consumers of such information in Japan, especially in case of the worms. Since one of highest priorities of a worm is to propagate as far as possible, some recent worms have employed techniques that avoid language and version dependencies, such as choosing return addresses that can be used across multiple language versions of Windows. In this presentation, the discussion of detailed and practical techniques to achieve environment independence will be avoided, but, at least understanding the technical overview and potentiality of these techniques is important for both providing proper threat analyses, and understanding them in depth. In Black Hat USA 2004, as part of our threat analysis research, we discussed return address discovery using context-aware machine code emulation'namely, our EEREAP project' which is intended to help prove whether universal return addresses exist. In Black Hat Japan 2004, we will expand on this presentation, and we will both explore the risk factors that aid in the avoidance of language and version dependencies, and show how to mitigate these risks. Yuji Ukai is a researcher and senior software engineer with eEye Digital Security. After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at an appliance vendor in Japan where he developed embedded operating systems. Over the last several years he has discovered several important security holes affecting various software products (Workstation Service and LSASS for Windows, etc) as well as pioneered new trends in wireless security technologies."

22 에피소드