Binary hardening is a web security technique for analyzing or manipulating binary files to protect against exploits. Binary planting persists as one of the most crippling types of attacks on applications: although its prevalence has declined, a single planted binary can expose an entire infrastructure. There are several methods of binary hardening, each targeted at a different type of binary planting.
Binary planting commonly exploits insecure access permissions. Suppose you install an application named MyApp on a system with multiple users. When prompted, the application installer creates a root directory and installs the application in C:\MyApp. In this instance, however, the installer failed to restrict write access, so non-privileged users can write to the directory.
A user with bad intent now places a malicious binary file in C:\MyApp. The next time you launch MyApp, the application loads and executes the malicious file. The attack causes a buffer overflow and overwrites adjacent memory locations.
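The check an administrator would want for the scenario above is "can a non-privileged user create files in the application's install directory?". The following is an added example, not code from the original page, and it generalizes the Windows case to POSIX permission bits (on Windows the same audit is done against the directory's DACL, for instance with icacls or Get-Acl). The verdict names and the audit function are assumptions of this example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdicts for an application's install directory, from the defender's side. */
enum dir_verdict {
    DIR_SAFE = 0,            /* only the owner (and root) can create files here */
    DIR_WORLD_WRITABLE = 1,  /* any local user can drop a binary into it */
    DIR_GROUP_WRITABLE = 2,  /* every member of the owning group can */
    DIR_FOREIGN_OWNER = 3,   /* another unprivileged account owns it and can write */
    DIR_NOT_A_DIRECTORY = 4,
    DIR_MISSING = 5
};

/* Checks whether non-privileged users could plant a file in `path`.
 * Only the classic permission bits and the owner are examined; ACLs layered
 * on top of them (setfacl on Linux, NTFS DACLs on Windows) need their own check. */
enum dir_verdict audit_app_dir(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return DIR_MISSING;
    if (!S_ISDIR(st.st_mode))
        return DIR_NOT_A_DIRECTORY;
    /* A sticky bit (as on /tmp) only restricts deletion; planting a new file is still
     * possible, so a world-writable directory is reported regardless of S_ISVTX. */
    if (st.st_mode & S_IWOTH)
        return DIR_WORLD_WRITABLE;
    if (st.st_mode & S_IWGRP)
        return DIR_GROUP_WRITABLE;
    /* The owner always has write access; if that owner is neither root nor the
     * account running this audit, that account can plant files here. */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return DIR_FOREIGN_OWNER;
    return DIR_SAFE;
}

static const char *verdict_text(enum dir_verdict v) {
    switch (v) {
    case DIR_SAFE:            return "safe: not writable by group or others";
    case DIR_WORLD_WRITABLE:  return "UNSAFE: world-writable, any user can plant a binary";
    case DIR_GROUP_WRITABLE:  return "RISKY: group-writable, review group membership";
    case DIR_FOREIGN_OWNER:   return "RISKY: owned by another unprivileged account";
    case DIR_NOT_A_DIRECTORY: return "not a directory";
    default:                  return "missing or unreadable";
    }
}

int main(int argc, char **argv) {
    /* Audits each directory named on the command line, e.g. ./audit /opt/myapp */
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], verdict_text(audit_app_dir(argv[i])));
    return 0;
}
```

Run it against every directory from which the application loads executables or libraries, not just the top-level install directory; a plugin or cache subdirectory that is world-writable is the same problem.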
This problem can be avoided by using buffer overflow protection. Canary values, enforced by a compiler-inserted protection scheme, provide a type of “early warning system” that disallows a buffer overflow. With this application protection in place, the system is safe from memory exploits corrupting data.
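To make the canary mechanism concrete, here is an added example (not code from the original page) that models in plain C what the compiler does for you: a guard word sits directly after a fixed-size buffer, an unchecked copy writes past the buffer, and the guard word is verified afterwards. The fixed guard value, the frame layout and the function names are constructed for the demonstration; a real compiler uses a random per-process value and aborts the program when the check fails. The hardened copy beside it shows the fix the canary is there to catch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
/* Constructed guard word for the demo; a real compiler picks a random value per process. */
#define CANARY_VALUE 0xDEADBEEFu

/* Frame layout with the guard word directly after the local buffer, mirroring
 * where the compiler places its canary between locals and the saved return address. */
struct guarded_frame {
    char buf[BUF_SIZE];
    uint32_t canary;
};

/* The unsafe copy: it ignores BUF_SIZE just as strcpy would. The copy is clamped
 * to the size of the whole frame only so that the demo stays within defined behaviour;
 * the point is that it happily runs over the end of buf into the canary. */
static void unchecked_copy(struct guarded_frame *f, const char *src, size_t len) {
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Copies len bytes from src into a guarded frame and then verifies the canary, as the
 * compiler-inserted epilogue check does. Returns 1 if the canary is intact (the frame
 * was not overrun) and 0 if it was clobbered. A real program would abort in the 0 case
 * instead of returning, so the corrupted frame is never used. */
int copy_and_check_canary(const char *src, size_t len) {
    struct guarded_frame f;
    memset(f.buf, 0, sizeof f.buf);
    f.canary = CANARY_VALUE;
    unchecked_copy(&f, src, len);
    return f.canary == CANARY_VALUE;
}

/* The hardened version: refuse input that does not fit, including its NUL terminator,
 * instead of writing past the buffer. Returns 1 on success and 0 on rejection. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t need = strlen(src) + 1;
    if (need > dst_size)
        return 0;
    memcpy(dst, src, need);
    return 1;
}

int main(void) {
    const char *short_input = "hello";                     /* fits with room to spare */
    const char *exact_input = "0123456789abcdef";          /* 16 chars: only the NUL overruns */
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* 24 bytes: 8 past the buffer */
    char out[BUF_SIZE];

    printf("short input:          canary %s\n",
           copy_and_check_canary(short_input, strlen(short_input)) ? "intact" : "CLOBBERED");
    printf("16 chars + NUL:       canary %s\n",
           copy_and_check_canary(exact_input, strlen(exact_input) + 1) ? "intact" : "CLOBBERED");
    printf("long input:           canary %s\n",
           copy_and_check_canary(long_input, strlen(long_input)) ? "intact" : "CLOBBERED");
    printf("bounded copy of long: %s\n",
           bounded_copy(out, sizeof out, long_input) ? "succeeded" : "rejected");
    return 0;
}
```

The off-by-one case is the one worth remembering: a 16-character string into a 16-byte buffer overruns by exactly the terminating NUL, which is enough to change the canary and trip the check. Canaries detect the overrun after it has happened; the bounded copy prevents it, which is why both belong in a hardened build.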
Binary planting remains one of the most dangerous attack types. These attacks can modify software native to the operating system, and even the operating system itself.
In 2010 there was a massive influx of binary planting, largely through third-party application DLL files. That same year Acros (whose parent company is Thermo Fisher Scientific) conducted a study that found over 500 exploitable bugs in around 200 commonly used Windows applications. While security updates in Windows 10 have largely corrected this misstep, binary hardening remains a crucial step in protecting an application and the overall system.