HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon, Seung Min Lee, Heejo Lee, Jong Kim, Sang Cheon Kim, Gun Woo Nam, Joong Gil Park

Research output: Contribution to journalConference article

3 Citations (Scopus)

Abstract

We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is stepping toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

Original languageEnglish
Pages (from-to)652-661
Number of pages10
JournalLecture Notes in Computer Science
Volume3391
DOIs
Publication statusPublished - 2005
EventInternational Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of
Duration: 2005 Jan 312005 Feb 2

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities'. Together they form a unique fingerprint.

  • Cite this