Performing and Detecting NOP Sled Exploitation against the NetBIOS Service in Windows Systems

Computer security has always been affected by tools for network scanning and vulnerability exploitation. These tools can be used to gain unauthorized access to system resources in orderto scale privileges and obtain private information. Additionally, exploitation tools usually relies on buffer overflow vulnerabilities to craft dangerous and effective attacks, bypassing securitycontrols and protection devices like firewalls, antivirus software, among others. In this article, we use Nmap and Metasploit to scan vulnerable network services and exploit them in order to see theimpacts of an attack when it is used to gain privileges. Later, Snort is used to detect an attack based on NOP Sled buffer overflows in order to analyse its operation when corrupting TCP headers.