YoVDO

Exploits with Scratch

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses Cybersecurity Courses TCP/IP Courses Exploit Development Courses Scratch Programming Courses Fuzzing Courses

Course Description

Overview

Explore the unconventional use of Scratch programming language for network exploitation in this 52-minute conference talk from 44CON 2018. Discover how Kev Sheldrake leverages experimental HTTP extensions in Scratch v2 to implement TCP/IP functions, enabling fuzzing and exploitation of vulnerable network services. Learn about the process of creating custom blocks linked to Python functions, overcoming sandbox limitations, and developing proof-of-concept exploits for various vulnerabilities. Gain insights into the intricacies of the Scratch extension API, its limitations, and how to combine simple concepts to create functional exploits. Witness live demonstrations of exploiting stack smash and format string vulnerabilities in echo servers, and understand how this approach can make exploit development accessible to those with basic Scratch programming skills.

Syllabus

Intro
What is Scratch
Variables
Robot Arms
Python Script
Block Definition
Demo
Socket functions
Scratch sockets
Exploit lab
Live demo
Stack smash
Reconnecting
Sending pattern buffer
Writing down location
Finding jump ESP instruction
Exploit code
Slides
Why bother
How long
Lego
Questions


Taught by

44CON Information Security Conference

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network