zoukankan      html  css  js  c++  java
  • bug hunting

    1. What is bug hunting? -- the process of finding bugs in software/hardware. security related bugs are called security vulnerablities, the programs that take advantage of them are called exploits.

    2. Why hunting security bugs? -- Mostly for profits.

    3. Techniques: static analysis and dynamic analysis

    static analysis -- examining source code or disassembly of a binary but don't execute it.

    dynamic analysis -- debugging the code while it is executing

    入手点: Identify where user-influenced input enter into the software

              Find potential vulnerable code locations (such as strcpy, strcat) and trace backward

              Fuzzing

    4. Goal: gain control of program counter (EIP), when you achieve control over EIP, you controls the execution of the software, and there are many ways to turn it into a fully working, weaponized exploits.

  • 相关阅读:
    UVA756
    SP30906
    SP32900
    CF940F
    洛谷P5030
    洛谷P5142
    洛谷P2569
    网络流 24 题做题记录
    矩阵
    二分图
  • 原文地址:https://www.cnblogs.com/littledot/p/3560947.html
Copyright © 2011-2022 走看看