The Principle of Exploits

The Principle of Exploits

The principle of exploits enumerates a form of attack that is executed based on an existing vulnerability. The principle sets a code focused on doing something the developers did not initially intend. The first part relating to implementing the principle of exploits is to compromise the machine as an avenue for unauthorized access (Fu & Shi, 2012). Buffer overflow is an example of an attack that introduces a Kernel crash on the operating system of a PC. Once the application crashes, the attack proceeds by inserting malicious data in the memory buffer where the application was running (Fu & Shi, 2012). After this, the exploit would strive to jump into a more privileged place in memory, a process often called “jumping the stack.”

Understanding that buffer overflow is an example of the many types of exploits that hackers can execute is pertinent. In this regard, an exploit refers to the means through which an attacker acquires unauthorized access to a vulnerable system within the organization’s premises. While they are difficult to discern within a system that appears to run normally, vulnerabilities often exist anywhere, ranging from applications and operating systems to hardware and even human labor (Fu & Shi, 2012). In this regard, the major objective of the exploit undertaken by the attacker is to cause unintended behavior within the application for certain codes to be executed freely. One of the common types of code that are delivered after the exploit by many attackers is identified as the shellcode (Fu & Shi, 2012).

The shellcode is often written in assembly language and encompasses coded instructions that can instruct a machine on what to do at certain points of execution. In this regard, once a vulnerable system has been successfully exploited through the buffer overflow attack, the shellcode is installed within the machine at the vulnerable area to provide the PC with instructions on what should be done (Singh et al., 2019). Two parts of the code should run for an exploit to be successful. In the case of the Log4j exploit, the first part is the JNDI remote execution, and the second part is the PowerShell command that often instructs the PC to download this malicious file from the text bin.net (Singh et al., 2019). However, in more advanced exploits, the process is increasingly complex. This is because the hackers are required to jump the stack techniques to use pointers to redirect the code to areas they would enjoy more privilege of not being easily recognized.

Various measures can be adopted to avoid buffer-overflow attacks. The first measure is to avoid risky library files. Many files used in programming languages often contain insecure components that may be attractive targets for hackers (Zhou et al., 2019). Since any weakness within the library file will also be exhibited within the applications, organizations should avoid using library functions that are not bounds-checked (Zhou et al., 2019). Secondly, validation of input goes a long way in preventing buffer overflow attacks. Validating applications received ensures that the data is only accepted into the system if it meets certain thresholds of what is expected.

Good programming language selection goes a long way in preventing these forms of attacks. Some programming languages like C and C++ are prone to buffer overflows because they lack built-in protection against them. Therefore, organizations should consider using other programming languages like Java, JavaScript, Perl, Python, and C# because they have built-in protections against buffer overflow coding errors (Singh et al., 2019). Also, executable space protection offers sufficient protection by marking memory areas as either executable or non-executable, preventing attackers from running the buffer overflow code in some areas of the PC’s memory (Singh et al., 2019). Lastly, testing application pre-deployment ensures that any existing vulnerabilities are addressed to prevent hackers from exploiting them.

References

Fu, D., & Shi, F. (2012, November). Buffer overflow exploits and defensive techniques. In 2012 Fourth International Conference on Multimedia Information Networking and Security (pp. 87–90). IEEE.

Singh, C., Satish, S., Mitra, J., & Shukla, S. (2019). Buffer Overflow Attack and Prevention for an FPGA-Based Soft-Processor System. In Innovations in Electronics and Communication Engineering (pp. 409-415). Springer, Singapore.

Zhou, H., Kang, K., & Yuan, J. (2019, December). Hardtack: Prevent Stack Buffer Overflow Attack with LBR. In 2019 International Conference on Intelligent Computing, Automation and Systems (ICICAS) (pp. 888-892). IEEE.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

The key to this assignment is to demonstrate your understanding of the topics, not to re-word the text or reference material. Please see Appendix A for the grading rubric on all written assignments.

The Principle of Exploits

Please complete the scenario below following these guidelines for your deliverable.

Your assignment must be at least 1 double-spaced, plus a title page and a reference page for 3 pages.
Make sure you are using at least two (2) academic references.
This submission should be created following APA 6th edition guidelines.
The paper is to follow the APA style guide, Sixth Edition (available via bookstores).
Also, refer to APA’s online resources and the APUS website
Submit your assignment as an MS Word attachment.
You must run your paper through Turnitin.com, ensure that your similarity index is sufficiently low, and submit an originality report with your paper.

Scenario:

Research and discuss the principle of exploits based on buffer overflow attacks.

How can buffer overflow attacks be avoided?

Instructions: Book URL: https://online.vitalsource.com/reader/books/9781284107753/epubcfi/6/26[%3Bvnd.vst.idref%3Dch13]!/4/2/2/4/2/2/1:18[sk%20%2CMan]