Learn Buffer Overflows from one of the masters - Stephen Sims - SANS instructor, course developer and well known reverse engineer with over 20 years of experience! Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal // A bit about Stephen // Stephen is an industry expert with over 20 years of experience in information technology and security. He's authored SANS most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and co-author of the Gray Hat Hacking book series, as well as a keynote speaker who's appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for SANS Offensive Operations. // Stephen's Social // Twitter: twitter.com/Steph3nSims RUclips Live: www.youtube.com/@OffByOneSecurity/streams RUclips videos: www.youtube.com/@OffByOneSecurity/videos E-mail: Stephen(at)deadlisting.com SANS: www.sans.org/profiles/stephen-sims/ // Stephen's Book // Grey Hat Hacking: amzn.to/3B1FeIK // David's Social // Discord: discord.gg/davidbombal X: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // Menu // 00:00 - Buffer overflows 00:50 - Sponsor 01:36 - Stephen Sims introduction 03:21 - Overview of buffer overflows 04:44 - Future of buffer overflows 09:17 - C program demo 14:14 - strcopy vulnerability 14:45 - Shell code role 18:45 - Rust vs C? 20:05 - Rust vs other languages 21:23 - Heap & stack memory 26:32 - SigRed vulnerability 29:02 - DNS query role 30:49 - Heap overflow cause 35:00 - No args program check 37:06 - Program overview 41:10 - Hex & Stack 42:29 - Buffer overflow demo 42:53 - Determining buffer size 45:03 - Authentication bypass 50:33 - ASLR & Exploitation 52:01 - Memory & Environment buffer buffer overflow buffer overflow attack windows linux exploits Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Thank you, David, for these very useful videos for us. I wish you would have another channel in which the videos would be dubbed into Arabic so that they would benefit the Arab community. Thank you once again. ❤❤
Anytime I see Stephen I know we're in for a technical treat. His channel is fantastic for anyone who wants to get into the specifics of different types of attacks.
That was just genius, masterclass-level stuff. I will be watching this many times. In my final quarter at Uni I had a malware analysis class where whe dug into the registers, the stack frame, instruction pointers, the PE header, and using olly debug to RE some malware was the Final. I did great, but one quarter was not enough lol. Not nearly. A lot of this was familiar, but reinvigorated my curiosity. This dude is clearly an absolutely incredible instructor. Looking forward to the re-watches of this one. !
Yeah, Stephen Sims is the real deal. Guess that is why those Sans courses are big $ 😂 I knew I recognized the name; years ago I had some bootleg sans coursework in pdf and the exploit dev module (SANS 760 iirc) was written by him. Just recently discovered his RUclips content and I’m excited. Very hard to find genuinely great intermediate to advanced tutorial knowledge. Feels like sometimes everything is geared toward beginners and once you get past the basics all other info is buried in a sea of “hello world” videos. Great to see quality teaching of more advanced topics in tech!
Amazing! Pro stuff Stephen and David. Can Stephen return to this channel with some basic intros into Buffer overflow, the reverse shell, and all the cool stuff we've seen here? Or if you could share some pointers to his work in case this content already exists?
Very cool. I have used Ghedria to do this but this is the first time I have seen it done with gef. This really helped with my understanding of these overflows. I understood the process but not really all the details. More like this please.
I remember demonstrating a buffer overflow in my University course back in 2007. I demonstrated a buffer overflow in a Microsoft Access by opening the CD Drive when you opened a malformed Microsoft Access file. Are buffer overflows still relevant today?
So instead of making the stack pointer only writable to control statements, you mark data as not executable, so when due to lack of bounds checking the stack pointer is overwritten, it's not executable, which it wasn't in the first place, so execution resumes with your data, which can't be executed due to DEP, so use the executable heap memory instead of the stack and poorly-written code to overwrite the heap pointer with a known function and your choice of parameter such as a path to an executable into a popen.
are all these things that you all present possible on new cisco systems, palo alto systems etc, since you made an emphasys on cisco firewall being a massive box?
1. I may have learned more from watching things NOT go according to plan than I would have if everything went smoothly. 2. I have a deep love for anything command line, so watching Sims run through some live command line exploits was like... *muah~*.
Feel free to correct me if I'm wrong, but couldn't this be used to jailbreak an iPhone? obviously not by itself, but as a way of obtaining escalated privileges
bro i first stumbled upon tutorials about buffer overflows when i was a kid sometime in late 90s. It was explained in every possible way ever since because it's like a gateway to reverse engineering. And I was late to the party already, when I started being 8 years old, people already were presenting tutorials about buffer, stack and heap overflows in popular applications and teaching making exploits. Where's the rock you've been living under? Don't underestimate your abilities to google. You can learn everything by googling. David is nice at explaining things but do your homework on your own once in a while if you ever wanna learn anything, you'll thank me later. Good luck!
Is it important to know low level languages such as assembly code and the x86 something he mentioned in the sig red example in modern times my teach said its old languages and dont matter but i feel likes hes wrong?
Hey David I've been a subscriber for a while now, and I loved your content since the beginning, I noticed that you've done a video about scripting in python using the telnet lib and gns3, I'm currently on a remote internship ( Network/ Software ), the task requires a connection to the cisco router or switch so I implemented a solution using telnetlib, but I need now to implement a serial connection which got me stuck because I've been searching for a way to emulate the serial communication ( we usually do in putty when connecting the router with the console cable ) between a python script from my computer and the emulated device in gns3. I would appreciate any help
14:10 Couldn't the developer include a guard clause in the function that throws an error in the event that the input being passed exceeds the buffer size?
Learn Buffer Overflows from one of the masters - Stephen Sims - SANS instructor, course developer and well known reverse engineer with over 20 years of experience!
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
// A bit about Stephen //
Stephen is an industry expert with over 20 years of experience in information technology and security. He's authored SANS most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and co-author of the Gray Hat Hacking book series, as well as a keynote speaker who's appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for SANS Offensive Operations.
// Stephen's Social //
Twitter: twitter.com/Steph3nSims
RUclips Live: www.youtube.com/@OffByOneSecurity/streams
RUclips videos: www.youtube.com/@OffByOneSecurity/videos
E-mail: Stephen(at)deadlisting.com
SANS: www.sans.org/profiles/stephen-sims/
// Stephen's Book //
Grey Hat Hacking: amzn.to/3B1FeIK
// David's Social //
Discord: discord.gg/davidbombal
X: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// Menu //
00:00 - Buffer overflows
00:50 - Sponsor
01:36 - Stephen Sims introduction
03:21 - Overview of buffer overflows
04:44 - Future of buffer overflows
09:17 - C program demo
14:14 - strcopy vulnerability
14:45 - Shell code role
18:45 - Rust vs C?
20:05 - Rust vs other languages
21:23 - Heap & stack memory
26:32 - SigRed vulnerability
29:02 - DNS query role
30:49 - Heap overflow cause
35:00 - No args program check
37:06 - Program overview
41:10 - Hex & Stack
42:29 - Buffer overflow demo
42:53 - Determining buffer size
45:03 - Authentication bypass
50:33 - ASLR & Exploitation
52:01 - Memory & Environment
buffer
buffer overflow
buffer overflow attack
windows
linux
exploits
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Thank you, David, for these very useful videos for us. I wish you would have another channel in which the videos would be dubbed into Arabic so that they would benefit the Arab community. Thank you once again. ❤❤
Anytime I see Stephen I know we're in for a technical treat. His channel is fantastic for anyone who wants to get into the specifics of different types of attacks.
bbb
That was just genius, masterclass-level stuff. I will be watching this many times. In my final quarter at Uni I had a malware analysis class where whe dug into the registers, the stack frame, instruction pointers, the PE header, and using olly debug to RE some malware was the Final. I did great, but one quarter was not enough lol. Not nearly. A lot of this was familiar, but reinvigorated my curiosity. This dude is clearly an absolutely incredible instructor. Looking forward to the re-watches of this one. !
Yeah, Stephen Sims is the real deal. Guess that is why those Sans courses are big $ 😂 I knew I recognized the name; years ago I had some bootleg sans coursework in pdf and the exploit dev module (SANS 760 iirc) was written by him. Just recently discovered his RUclips content and I’m excited. Very hard to find genuinely great intermediate to advanced tutorial knowledge. Feels like sometimes everything is geared toward beginners and once you get past the basics all other info is buried in a sea of “hello world” videos. Great to see quality teaching of more advanced topics in tech!
I always love when Stephen Sims is on. He's such a great teacher. Thanks!
these 2 have ocean of knowledge. It's a delight to watch this video. Thanks David and Stephen
Pretty interesting content, buffer overflow is old school but never gets old. Thanks for sharing
It's great to see that i was studying Buffer overflow and here is the video to understand Better. David you are doing right thing!
I finished linux basic foundation, ready to learn more for any Linux distribution commands BASH (kali, Ubuntu, Debian and more)!!
I'm in love with those long tutorial and demo, thank you David & Steph
Glad you like them!
I was hoping for so long for you to bring Stephen again on your show David, you're both amazing! Thank you!! Please bring him again if possible
Sims is a legend. Hope to see some reversing in the future.
It is chef's kiss content, explanations were on point, thanks for bringing such a brilliant guest to your channel
David thank you so much for this video!! As someone passionately interested in exploit development, this information is invaluable!! Thank you
You are the best person in this field. I am from Egypt and I love you very much because you are a fun person and your explanation is simple and easy.
Very kind of you to say that :)
I wish Stephen and Ocupy the web in one program that will be a hell of crazy fantastic. Thank you David .
David Bombal your are amazing person who always helps people
Big thanks
Thank you! Helping people is really important :)
Fantastic guest! Great video David, you're really outdoing yourself.
Thank you! Glad you enjoyed it
Very informative video, I learned what I didn't know, let Stephen come again
Amazing! Pro stuff Stephen and David. Can Stephen return to this channel with some basic intros into Buffer overflow, the reverse shell, and all the cool stuff we've seen here? Or if you could share some pointers to his work in case this content already exists?
Very cool. I have used Ghedria to do this but this is the first time I have seen it done with gef. This really helped with my understanding of these overflows. I understood the process but not really all the details. More like this please.
I love how you collab with other content creators, more content like this🤜🏻
Thank you! Glad you enjoy it! It's great to collaborate with others as no one can know everything.
'Buffer, The Vampire's Layer'
lol
Smashing the stack... Buffer overflow still with us? I guess I shouldn't be surprised.
the editor deserves a raise that quote part lmfaoo
Woo MrBombla it looks like it's inevitable for the futur n egeneers to learn coding thx for that
I remember demonstrating a buffer overflow in my University course back in 2007. I demonstrated a buffer overflow in a Microsoft Access by opening the CD Drive when you opened a malformed Microsoft Access file.
Are buffer overflows still relevant today?
So instead of making the stack pointer only writable to control statements, you mark data as not executable, so when due to lack of bounds checking the stack pointer is overwritten, it's not executable, which it wasn't in the first place, so execution resumes with your data, which can't be executed due to DEP, so use the executable heap memory instead of the stack and poorly-written code to overwrite the heap pointer with a known function and your choice of parameter such as a path to an executable into a popen.
been wanting to get taught this since i didnt in university business IT degree... lol thanks highest education tube
wow 😯😲 Amazing,so many topics got revised and learnt a lot ,thanks david for such content.
are all these things that you all present possible on new cisco systems, palo alto systems etc, since you made an emphasys on cisco firewall being a massive box?
David, can you make a video explaining how memories work? Stephen references always to memory addresses but what is that?
1. I may have learned more from watching things NOT go according to plan than I would have if everything went smoothly.
2. I have a deep love for anything command line, so watching Sims run through some live command line exploits was like... *muah~*.
Your doing a great job David. Thank the content.I did send you a messsege via your support mail.May you continue inspiring many.
Amazing video! Thanks for sharing :) so interesting and great show and tell! Fascinating
I always wondered about the differences between C and C##.
Thanks for this tutorial 28:36
If I want to get into pen Testing is it better to get a SOC or help desk position first or just start pen Testing?
Great video! more technical videos like this pls.
Great work including the programing!
david tell him to zoom in on his screen on his youtube we cant see the commands he types or anything great video by the way
love ur work man trust me
Thank you! I appreciate that!
what an amazing explanation thank you for the content
David could you kindly share the best courses on linux and database administrator..
Feel free to correct me if I'm wrong, but couldn't this be used to jailbreak an iPhone? obviously not by itself, but as a way of obtaining escalated privileges
for heap overflow ? could you explain please ?or , is it the same principe ?
I like stuff like this! Linux is BOMB if it were'nt MS would not include cgwin into powershell
This has to be one of my favorite vidoes so far from you @davidBombal PLEASE MAKE MORE EXPLORING IN DEPTH BoF!!
one of the best fucking things I've seen on youtube.
I always wondered just how buffer overflows worked
Stephen does an amazing job both explaining the theory and practically demonstrating this :)
bro i first stumbled upon tutorials about buffer overflows when i was a kid sometime in late 90s. It was explained in every possible way ever since because it's like a gateway to reverse engineering. And I was late to the party already, when I started being 8 years old, people already were presenting tutorials about buffer, stack and heap overflows in popular applications and teaching making exploits. Where's the rock you've been living under? Don't underestimate your abilities to google. You can learn everything by googling. David is nice at explaining things but do your homework on your own once in a while if you ever wanna learn anything, you'll thank me later. Good luck!
Is it important to know low level languages such as assembly code and the x86 something he mentioned in the sig red example in modern times my teach said its old languages and dont matter but i feel likes hes wrong?
Hey David I've been a subscriber for a while now, and I loved your content since the beginning, I noticed that you've done a video about scripting in python using the telnet lib and gns3, I'm currently on a remote internship ( Network/ Software ), the task requires a connection to the cisco router or switch so I implemented a solution using telnetlib, but I need now to implement a serial connection which got me stuck because I've been searching for a way to emulate the serial communication ( we usually do in putty when connecting the router with the console cable ) between a python script from my computer and the emulated device in gns3.
I would appreciate any help
53:39 core memory dump would have saved everything including env vars. Then look at the dump right?
Thank you David for good tontent!
In reality, I was studying on an electronics certificate. Because that is was they work with
This is excellent! Thanks
This was great 👍 kudos
More Of This exploitation. Very very good video
And where is that "link below"?
14:10 Couldn't the developer include a guard clause in the function that throws an error in the event that the input being passed exceeds the buffer size?
Then just mimic a smaller buffer size but yes
Excellent!
you wrote that bot for tibia?!
simply awesome 🔥💥
amazing
Buffer overflow exploit
Why the thumbnail make them look evil?
I'm from Kenya can you teach me ethical hacking please
thanksforthehelp
❤❤
Sir need your help I want to scam back scamer
give him reminder to ON his ASLR
❤
you put 5 55% signs to shutdown a server
😎👍
👍👍!
Thank you!
Deved good
🎉👍🏻
I have answer . How to fix kali linux network problem it says ( network manager not running ) plss help me ❤
❤❤❤❤❤🎉
Rare wubbox
Third
Thank you for watching!
@@davidbombal UR MY FAV RUclipsR AND YOU COMMENTED FOR THE FIRST TIME😭😭😭
@@davidbombal I LOVE YOU
WiFi is not showing in parrot os ?? Any sol.
first
Thank you for your support!
i am first pin pls
I pin my comment to help people find the relevant information.
Hi @davidbombal what laptop do you have and where can I get one window 11
Also btw your videos are jam packed with education and the best ! And it’s a breeze to understand
Tried to replicate but gets is removed, only fgets works (nvm it still makes a vuln file, just a warning)
Excellent video! Thank you!