Buffer overflow exploit writing tutorial
3 posters
Page 2 of 2
Re: Buffer overflow exploit writing tutorial
wat0114, I completely agree with your point of view and perspective. I was just making some points. I've said it before and I'll say it again. With reasonable computer common sense and experience, you probably don't need any software security at all.
I think in particular (without being specific to these people), wat0114, Sully, ssj100, Ruhe etc, are the people who least need software security. The people who need it most are probably the ones who only run an Antivirus and are click happy and have not much computer common sense and experience.
Regardless, for people like us (wat0114, Sully etc) where do we draw the line? Where do we say: "I have complete peace of mind".
Ultimately, this is merely a discussion. I try to be realistic, as you can see (hopefully). And this discussion has been very interesting.
For me, the year 2009 was one where I spent a long time testing out various security setups and approaches. I reached my current setup in late 2009 and haven't really changed it at all since then.
Buffer overflow attacks have always confused me - I never really understood what they are. Now I have a vague idea as to what they are and have actually manually tested a REAL attack first-hand. Pleasingly, my security/setup approach easily contained/blocked this particular attack. However, it did not PREVENT it from running (Comodo Memory Firewall would have done this).
So am I adding Comodo Memory Firewall to my security setup? No. Why not? Well, there are 3 reasons I can think of:
1. The likelihood of getting attacked by an exploit like this is very small (also, I tend to keep all my software up to date).
2. Even if I were to get attacked, my security setup/approach would easily mitigate/contain/block the attack in most cases.
3. If all else fails, I would simply load up a clean image.
Re: Buffer overflow exploit writing tutorial
ssj100 wrote: Ultimately, this is merely a discussion. I try to be realistic, as you can see (hopefully). And this discussion has been very interesting.
Absolutely, I agree
Fair enough and my apologies if I come off appearing as a jerk. I just worry that some people get so caught up in these exploits, pocs and whatever else have you that they lose sight of reality, and that reality is what you've just stated about using common sense and a sound security approach without all the overkill of piling on all kinds of apps.
I also tried to research what buffer overflow exploits were all about within the last year or so. I found the info to be rather heavy on the technical side, so my understanding of them is very limited. It seemed the common denominator from what I could gather was that they can occur in poorly or sloppily written code. I guess the app crashes because of an area of memory that was overflowed and then this can allow the remote hacker to possibly take complete or partial control of the machine. Still, far too technical for me.
For interest's sake, last year I did some limited testing (maybe 20 samples) of malware from a site Wilder's member Franklin referred me to. It was done in my vm so some of it was vm-aware and simply did not run, and some did so it was neat to see what it could do, such as attempt to connect to places far away like Turkey or China, but after a while I found it boring because I knew it could all be prevented anyway. Fun while it lasted but the entertainment value quickly wore thin.
IOW, I have some interest in all this now and again, but in the end I find myself running out of steam shortly after I get started. In a way it's too bad because it could be valuable knowledge, but I doubt it because I see it as a non-factor because of my common sense, awareness and security approach. For you running your own security forum, this interest you have in seeking knowledge about these exploits will be of tremendous value to you and to those who visit here looking for answers.
wat0114- Advanced Member
- Posts : 152
Join date : 2010-05-11
Re: Buffer overflow exploit writing tutorial
Thanks wat0114. By the way, you didn't come off appearing as a jerk at all. May I remind you:
"ssj100 Security Forums
Where freedom of speech meets computer security!"
But yes, I find it interesting how people pile on layers and layers of real-time security and accept more and more slow-downs/conflicts etc. I also find it interesting how so many people are happy to pay annual fees to keep using various third party security software.
Re: Buffer overflow exploit writing tutorial
ssj100 wrote: I also find it interesting how so many people are happy to pay annual fees to keep using various third party security software.
When I use Avira I install the 'Avira Premium Security Suite' (ok, just the three components Guard + AntiRootkit + AntiVirProActiv, nothing else) but use it for free - for more than 1.5 years now with official promotion keys by Avira.
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany