HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities

O. Hoon Kwon, Seung Min Lee, Heejo Lee, Jong Kim, Sang Cheon Kim, Gun Woo Nam, Joong Gil Park

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is a step toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

Original language: English
Title of host publication: Lecture Notes in Computer Science
Editors: C. Kim
Pages: 652-661
Number of pages: 10
Volume: 3391
Publication status: Published - 2005
Event: International Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of
Duration: 2005 Jan 31 → 2005 Feb 2

Other

Other: International Conference on Information Networking, ICOIN 2005
Country: Korea, Republic of
City: Jeju Island
Period: 05/1/31 → 05/2/2

Fingerprint

Automation
Testing
Personnel

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

Kwon, O. H., Lee, S. M., Lee, H., Kim, J., Kim, S. C., Nam, G. W., & Park, J. G. (2005). HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities. In C. Kim (Ed.), Lecture Notes in Computer Science (Vol. 3391, pp. 652-661)

@inproceedings{261aae04f03142d79d5254dc39d7d618,
title = "HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities",
abstract = "We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is a step toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.",
author = "Kwon, {O. Hoon} and Lee, {Seung Min} and Heejo Lee and Jong Kim and Kim, {Sang Cheon} and Nam, {Gun Woo} and Park, {Joong Gil}",
year = "2005",
language = "English",
volume = "3391",
pages = "652--661",
editor = "C. Kim",
booktitle = "Lecture Notes in Computer Science",

}

TY - GEN

T1 - HackSim

T2 - An automation of penetration testing for remote buffer overflow vulnerabilities

AU - Kwon, O. Hoon

AU - Lee, Seung Min

AU - Lee, Heejo

AU - Kim, Jong

AU - Kim, Sang Cheon

AU - Nam, Gun Woo

AU - Park, Joong Gil

PY - 2005

Y1 - 2005

N2 - We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is a step toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process.

UR - http://www.scopus.com/inward/record.url?scp=24144467795&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24144467795&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:24144467795

VL - 3391

SP - 652

EP - 661

BT - Lecture Notes in Computer Science

A2 - Kim, C.

ER -