From the course: Threat Modeling: Denial of Service and Elevation of Privilege

Input corrupts

- [Instructor] Attacks require feeding input to the target. Being able to send something that the defender didn't plan for is a necessary step in convincing the defender to do the wrong thing. Sometimes defenders do the wrong thing of their own volition, like allowing sign channels, but setting that aside, attacker input, like all input, is parsed. When it's parsed, the parser can be confused in a couple of ways: problems with length, token separation, and encoding/decoding. The parser can make an assumption about length. This was the mistake exploited by the classic C stack-smashing attack, and it's integral to deserialization attacks, which expect that the next instruction lands on a certain boundary. The parser can find a token separator and break input into different tokens than you expect. This happens, for example, when the attacker includes a semicolon in something parsed by the shell. A parser can insert…
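The three parser-confusion categories the instructor lists (length, token separation, encoding/decoding) are easier to reason about with code in front of you. The block below is an added example written for this page; it is not course material. The TLV record layout, the `MAX_VALUE_LEN` limit, the hostname allowlist pattern and the `ping` command are all constructed for illustration. Part 1 is a length-validating parser for a made-up binary format, part 2 shows how a POSIX-style tokeniser re-splits a concatenated command string and the argv-list alternative, and part 3 shows why a separator check has to run on the decoded value when a downstream component URL-decodes it.

```python
import re
import shlex
import struct
from urllib.parse import unquote

# ---- 1. Length: a type-length-value (TLV) parser for a constructed format ----
# Record layout assumed for this example: 1-byte type, 2-byte big-endian
# length, then `length` bytes of value. The length field is untrusted input;
# every read is bounded by the bytes the parser actually holds.
HEADER = struct.Struct(">BH")
MAX_VALUE_LEN = 64  # hypothetical per-field limit for this format


def parse_tlv(buf: bytes) -> list:
    """Return [(type, value), ...] or raise ValueError on any length mismatch."""
    records = []
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise ValueError(f"truncated header at offset {pos}")
        rtype, length = HEADER.unpack_from(buf, pos)
        pos += HEADER.size
        if length > MAX_VALUE_LEN:
            raise ValueError(f"length {length} exceeds field limit at offset {pos}")
        if length > len(buf) - pos:
            raise ValueError(f"length {length} runs past end of input at offset {pos}")
        records.append((rtype, buf[pos:pos + length]))
        # Each iteration consumes at least HEADER.size bytes, so the loop terminates
        # even when a record carries a zero-length value.
        pos += length
    return records


# ---- 2. Token separation: what a shell does to a concatenated string ----
def shell_tokens(command_line: str) -> list:
    """Tokenise roughly as a POSIX shell would; ';' becomes its own token."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return list(lexer)


def build_ping_unsafe(host: str) -> str:
    # The pattern the transcript warns about: untrusted input concatenated into
    # a string that a shell will later re-parse into tokens.
    return f"ping -c 1 {host}"


# Constructed allowlist: DNS-style labels of letters, digits and hyphens.
_HOSTNAME = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_ping_safe(host: str) -> list:
    """Allowlist the value, then pass it as ONE argv element; no shell involved."""
    if not _HOSTNAME.match(host):
        raise ValueError("host is not a valid hostname")
    return ["ping", "-c", "1", host]


# ---- 3. Encoding/decoding: check the form the consumer will actually see ----
def has_separator_naive(raw: str) -> bool:
    # Looks at the still-encoded value; misses "%3B" if the consumer decodes it.
    return ";" in raw


def has_separator(raw: str) -> bool:
    # Assumes a downstream component URL-decodes the value, so decode first.
    return ";" in unquote(raw)
```

`shell_tokens` is a stand-in for the real shell: it exists only to make the re-tokenisation visible. The defensive pattern in `build_ping_safe` is the combination, not either half alone: validate against an allowlist, and hand the value to the OS as a single argv element so no shell ever parses it.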