HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon, Seung Min Lee, Heejo Lee, Jong Kim, Sang Cheon Kim, Gun Woo Nam, Joong Gil Park

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science
EditorsC. Kim
Pages652-661
Number of pages10
Volume3391
Publication statusPublished - 2005
EventInternational Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of
Duration: 2005 Jan 312005 Feb 2

Other

OtherInternational Conference on Information Networking, ICOIN 2005
CountryKorea, Republic of
CityJeju Island
Period05/1/3105/2/2

    Fingerprint

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

Kwon, O. H., Lee, S. M., Lee, H., Kim, J., Kim, S. C., Nam, G. W., & Park, J. G. (2005). HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities. In C. Kim (Ed.), Lecture Notes in Computer Science (Vol. 3391, pp. 652-661)