Learn Buffer Overflows from one of the masters - Stephen Sims - SANS instructor, course developer and well-known reverse engineer with over 20 years of experience!

Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: https://brilliant.org/DavidBombal

// A bit about Stephen //
Stephen is an industry expert with over 20 years of experience in information technology and security. He's authored SANS's most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and is co-author of the Gray Hat Hacking book series, as well as a keynote speaker who's appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for SANS Offensive Operations.

// Stephen's Social //
Twitter: https://twitter.com/Steph3nSims
YouTube Live: https://www.youtube.com/@OffByOneSecurity/streams
YouTube videos: https://www.youtube.com/@OffByOneSecurity/videos
E-mail: Stephen(at)deadlisting.com
SANS: https://www.sans.org/profiles/stephen-sims/

// Stephen's Book //
Gray Hat Hacking: https://amzn.to/3B1FeIK

// David's Social //
Discord: https://discord.gg/davidbombal
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal

// Menu //
00:00 - Buffer overflows
00:50 - Sponsor
01:36 - Stephen Sims introduction
03:21 - Overview of buffer overflows
04:44 - Future of buffer overflows
09:17 - C program demo
14:14 - strcpy vulnerability
14:45 - Shellcode role
18:45 - Rust vs C?
20:05 - Rust vs other languages
21:23 - Heap & stack memory
26:32 - SigRed vulnerability
29:02 - DNS query role
30:49 - Heap overflow cause
35:00 - No args program check
37:06 - Program overview
41:10 - Hex & Stack
42:29 - Buffer overflow demo
42:53 - Determining buffer size
45:03 - Authentication bypass
50:33 - ASLR & Exploitation
52:01 - Memory & Environment

// Detailed outline of video: //
00:00:01 - Buffer overflow intro
00:00:12 - Pattern tool importance
00:00:27 - Overwriting return pointer
00:00:38 - Return to system function
00:00:44 - Authentication bypass success
00:00:50 - Advert
00:01:58 - Stephen's intro & channel
00:03:21 - Stephen on buffer overflows
00:03:42 - Buffer overflow history
00:04:18 - Mitigations & shadow stacks
00:04:44 - Future of buffer overflows
00:05:54 - Shadow stack obstacles
00:06:04 - Understanding tech basics
00:06:19 - Microsoft & IoT implementations
00:06:27 - Buffer overflow concept
00:08:53 - Buffer overflow explanation
00:09:17 - C program demo
00:11:04 - User input handling
00:12:53 - 'A' letter in debugging
00:13:47 - Vulnerable program recap
00:14:14 - strcpy vulnerability
00:14:45 - Shellcode role
00:15:42 - Stack overflow goal
00:15:58 - Mitigation techniques
00:16:18 - Data Execution Prevention
00:18:29 - Stack pop & language benefits
00:18:38 - Old-school attacks
00:18:45 - Rust vs C?
00:18:52 - Microsoft & Rust
00:19:20 - Rust benefits
00:19:37 - Transitioning to Rust
00:20:05 - Rust vs other languages
00:20:34 - C++ legacy queries
00:20:57 - Retraining devs
00:21:13 - Command line intro
00:21:23 - Heap & stack memory
00:21:42 - Memory code segment
00:22:03 - Stack memory understanding
00:22:37 - Dynamic memory usage
00:26:32 - SigRed vulnerability
00:27:13 - Disassembly importance
00:27:46 - Machine code relation
00:28:01 - Vulnerable code snippets
00:28:35 - Size argument complexity
00:29:02 - DNS query role
00:29:56 - Memory allocation in DNS
00:30:49 - Heap overflow cause
00:31:53 - Server-side vulnerability
00:32:18 - Explanation compliments
00:32:21 - Mitigation discussion
00:34:10 - Checking ID
00:34:16 - UID & processes
00:34:32 - C arguments
00:35:00 - No args program check
00:35:46 - Calling vulnerable function
00:36:05 - Creating checkpw function
00:37:06 - Program overview
00:37:55 - Buffer overflow talk
00:38:27 - Program compiling
00:41:10 - Hex & Stack
00:41:18 - checkpw vulnerability
00:41:44 - Buffer size
00:42:29 - Buffer overflow demo
00:42:53 - Determining buffer size
00:44:06 - Return pointer exploit
00:45:03 - Authentication bypass
00:46:47 - Return-to-libc & DEP
00:47:16 - System function manipulation
00:47:45 - Memory address exploit
00:49:23 - Command execution
00:50:33 - ASLR & Exploitation
00:52:01 - Memory & Environment
00:53:48 - Return-to-libc talk

Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

#bufferoverflow #linux #windows