Hijacking & Injection

Terms and concepts you should know

Paul Krzyzanowski

March 11, 2024

  • Session hijacking
  • Program hijacking
  • Code injection
  • Unchecked assumptions
  • Buffer overflow
  • gets problem (and strcpy, strcat, etc.)
  • Black box testing
  • Stack smashing
  • Stack pointer
  • Frame pointer
  • Safe functions
  • Benign overflow
  • Malicious overflow
  • NOP slide, landing zone
  • Off-by-one error
  • What does %n do in printf?
  • Heap overflows
  • Fuzzing
  • Acceptance criteria
  • Data Execution Prevention (DEP)
  • No execute (NX) permission
  • Return-to-libc
  • Return Oriented Programming (ROP)
  • Gadget
  • Address Space Layout Randomization (ASLR)
  • Entropy
  • Stack Canary
  • Shadow stack

Last modified March 20, 2024.