HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon; Seung Min Lee; Heejo Lee; Jong Kim; Sang Cheon Kim; Gun Woo Nam; Joong Gil Park

doi:10.1007/978-3-540-30582-8_68

HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon, Seung Min Lee, Heejo Lee, Jong Kim, Sang Cheon Kim, Gun Woo Nam, Joong Gil Park

Research output: Contribution to journal › Conference article › peer-review

3 Citations (Scopus)

Abstract

We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

Original language	English
Pages (from-to)	652-661
Number of pages	10
Journal	Lecture Notes in Computer Science
Volume	3391
DOIs	https://doi.org/10.1007/978-3-540-30582-8_68
Publication status	Published - 2005
Event	International Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of Duration: 2005 Jan 31 → 2005 Feb 2

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-30582-8_68

Cite this

@article{261aae04f03142d79d5254dc39d7d618,

title = "HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities",

abstract = "We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.",

author = "Kwon, {O. Hoon} and Lee, {Seung Min} and Heejo Lee and Jong Kim and Kim, {Sang Cheon} and Nam, {Gun Woo} and Park, {Joong Gil}",

year = "2005",

doi = "10.1007/978-3-540-30582-8_68",

language = "English",

volume = "3391",

pages = "652--661",

journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

issn = "0302-9743",

publisher = "Springer Verlag",

note = "International Conference on Information Networking, ICOIN 2005 ; Conference date: 31-01-2005 Through 02-02-2005",

}

TY - JOUR

T1 - HackSim

T2 - International Conference on Information Networking, ICOIN 2005

AU - Kwon, O. Hoon

AU - Lee, Seung Min

AU - Lee, Heejo

AU - Kim, Jong

AU - Kim, Sang Cheon

AU - Nam, Gun Woo

AU - Park, Joong Gil

PY - 2005

Y1 - 2005

N2 - We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

AB - We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

UR - http://www.scopus.com/inward/record.url?scp=24144467795&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24144467795&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-30582-8_68

DO - 10.1007/978-3-540-30582-8_68

M3 - Conference article

AN - SCOPUS:24144467795

SN - 0302-9743

VL - 3391

SP - 652

EP - 661

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Y2 - 31 January 2005 through 2 February 2005

ER -

HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this