WhiteHat and the Exploit Factory

Dynamically Loaded Libraries (DLL) are used in almost any project, because of their unique properties: modularity, ease to support, updatability. Unfortunately, this can be easily exploited and all it takes is for the attacker to simply replace the original DLL file with the malicious one (especially if project is no longer being maintained and does not have hashing to verify that the valid DLL is being loaded). Moreover attacker can load their DLL into a remote process (usually done to stay hidden, since after DLL is injected you can run malicious code "from within" a target process). To make is easier to visualize, here is a small diagram: For example, we have a program that displays number of seconds passed since it started (not to over complicate things): An attacker can create a malicious DLL that logs pressed keys, but in this case it simply displays a message box: And attacker also has an injector that will load their DLL into the target process: The way an...

Buffer overflow is a vulnerability, which is usually caused by uncareful handling of user input, but it does not end there. Most of the time it happens when data is being copied into a buffer, which does not have enough space and as a result part of the process memory is being overwritten. It might seem as not that big of a deal at first, but it should not be underestimated. Here is a very basic example of a variable overflow: In this example we are continuously adding 10 to a variable. It may seem like this code will never exit the while statement, because we can keep adding 10 to a variable forever, but that's not quite how it works in programming languages. The thing is that every variable type has some amount of memory allocated to store it's value, thus creating a limit. In this case I created an Integer, which only can store values that can be represented in 4 bytes of space (approximately from -2 billion to +2 billion). When we reach the maximum positive value and ...