The Impact of Recent Cyber Attacks on Popular Platforms
Words like “privacy” and “confidentiality” and “cyber-security” are thrown around frequently in discussions of technology, but many people consider these issues more idealistic than essential. It may be widely accepted that confidentiality is better than no confidentiality, but few people would go out of their way to protect their information at the cost of convenience or practicality. The question becomes whether or not most of these people who give away their private information haphazardly realize the danger and ignore it, or are ignorant of the severity of the ramifications altogether. Unfortunately, some of those people will probably learn of the severe ramifications first hand- and there’s a significant chance that will happen when their fiscal situation takes a hit because of a financial cyber attack.
HowTo: Writing into process memory with GDB.
Use this .gdbinit. Make sure you save it as your ~/.gdbinit file in $HOME. This adds functionality: you can see the stack, data, registers and code and how they change on each cmd entered into gdb. For best results use 80x24 sized windows (It acts like a motion picture in that size.)
HowTo: Turn off Linux Security Mechanisms
You are probably going to want to do this to make your initial exploit examples easier to work with and understand.
HowTo: Using MSF to Make Linux Shellcode
Here’s a quick one liner to make linux shell code that runs “exec /bin/bash”. The last argument of c to msfencode generates the c.
Rationality & Privacy: How People Make Decisions About Confidentiality
“In everything one thing is impossible: rationality.” –Friedrich Nietzsche
The GNU Compiler Collection has a FORTIFY_SOURCE option that does automatic bounds checking of dangerous functions to prevent simple buffer overflows. The FORTIFY_SOURCE code will do static and dynamic checks on buffer sizes to prevent these buffer overflows.
OWASP VicNum Project
Vicnum is a training game put out by OWASP. If you play the game the first page will ask you for your name. Enter anything then hit continue. I typed ‘Name’. You should be at this URL now:
Simple Intro to Interposition in C
This is a toy program that we want to monkeypatch. It really doesn’t do anything except call socket().