A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?
A. NX/XN
B. ASLR
C. strcpy
D. ECC
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
A and B are both valid. Both have ways of getting bypassed as well. ASLR however, is much more difficult to bypass than NX with only a few shotty ways that have to rely on luck and guessing sometimes in order to bypass. With NX, it can almost always be bypassed if you know how to do ROP chaining effectively.
NX/XN Bit Use
This can go either way I feel, but I am going to go with B in this case. The NX/XN bit is more a hardware related thing and they didn’t mention hardware. So I would assume the company wants to verify on the system itself there are protections in place to protect these attempts.
Feedback welcomed!
Good one! Out of this I get that a security engineer would check A and a developer would check B
ASLR it is, valid points, also:
Sybex CAS-003 Book Reference:
Address space layout randomization (ASLR) is a technique designed to protect against buffer overflow attacks, initially implemented in 2003. Presently, all major operating systems—server, desktop, and mobile—incorporate ASLR.
How does ASLR work? In a buffer overflow attack, an attacker needs to know the location in the code where a given function accepts input. The attacker will feed just the right amount of garbage to that code location, including a malicious payload. Ideally, the attacker also includes an instruction to go to another point in the code and the malicious payload and instruction will run with the privileges of the application.