Hijacking &Injection

Terms and concepts you should know

Paul Krzyzanowski

March 11, 2024

  • Session hijacking
  • Program hijacking
  • Code injection
  • Unchecked assumptions
  • Buffer overflow
  • gets problem (and strcpy, strcat, etc.)
  • Black box testing
  • Stack smashing
  • Stack pointer
  • Frame pointer
  • Safe functions
  • Benign overflow
  • Malicious overflow
  • NOP slide, landing zone
  • Off-by-one error
  • What does %n do in printf?
  • Heap overflows
  • Fuzzing
  • Acceptance criteria
  • Data Execution Prevention (DEP)
  • No execute (NX) permission
  • Return-to-libc
  • Return Oriented Programming (ROP)
  • Gadget
  • Address Space Layout Randomization (ASLR)
  • Entropy
  • Stack Canary
  • Shadow stack
Last modified May 28, 2024.

© Paul Krzyzanowski. All rights reserved.

For questions or comments about this site, contact Paul Krzyzanowski, gro.kp@ofnibew

recycled pixels

The entire contents of this site are protected by copyright under national and international law. No part of this site may be copied, reproduced, stored in a retrieval system, or transmitted, in any form, or by any means whether electronic, mechanical or otherwise without the prior written consent of the copyright holder. If there is something on this page that you want to use, please let me know. Any opinions expressed on this page do not necessarily reflect the opinions of my employers and may not even reflect my own.

Page design derived from: HTML5 UP.