HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon, Seung Min Lee, Heejo Lee, Jong Kim, Sang Cheon Kim, Gun Woo Nam, Joong Gil Park

    Research output: Contribution to journal › Conference article › peer-review

    3 Citations (Scopus)

    Abstract

    We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

    Original language: English
    Pages (from-to): 652-661
    Number of pages: 10
    Journal: Lecture Notes in Computer Science
    Volume: 3391
    Publication status: Published - 2005
    Event: International Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of
    Duration: 2005 Jan 31 - 2005 Feb 2

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science(all)
