What does a vulnerability using signed integer overflow look like? Or a stack buffer overflow? How does code like this look and how can we change the way we program to reduce our risk? The first half of this talk will show examples of many different vulnerabilities and describe how these are combined to make the first steps of an exploit. Then we will discuss what kind of programming practices we can employ to reduce the chances of these kinds of bugs creeping into our code.
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.
Learn to manipulate strings in R using the built in R functions. This tutorial is part of the Working With Data module of the R Programming Course offered by r-squared.
This document contains some programs of C using Data structures, like Stack, LinkedList, queue, Fibonacci series, addition and multiplication of two matrices,etc.
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.
Learn to manipulate strings in R using the built in R functions. This tutorial is part of the Working With Data module of the R Programming Course offered by r-squared.
This document contains some programs of C using Data structures, like Stack, LinkedList, queue, Fibonacci series, addition and multiplication of two matrices,etc.
Constructors, Destructors, call in parameterized Constructor, Multiple constructor in a class, Explicit/implicit call, Copy constructor, Dynamic Constructors and call in parameterized Constructor
Why functional programming and category theory strongly mattersPiotr Paradziński
Abstractions of Category Theory to define abstractions (Functor, Applicative, Monad, Comonad, Coyoneda) commonly used in functional programming (FP). Using definitions from Category Theory to reason about modular and composable design. Examples based on Haskell papers: Functional pearls translated to Scala.
Let us C (by yashvant Kanetkar) chapter 3 SolutionHazrat Bilal
All rights reserved. No part of this slide
may be reproduced, stored in a retrieval
system, or transmitted, in any form or by
any means, without the prior permission.
Programming is hard. Programming correct C and C++ is particularly hard. Indeed, both in C and certainly in C++, it is uncommon to see a screenful containing only well defined and conforming code.Why do professional programmers write code like this? Because most programmers do not have a deep understanding of the language they are using.While they sometimes know that certain things are undefined or unspecified, they often do not know why it is so. In these slides we will study small code snippets in C and C++, and use them to discuss the fundamental building blocks, limitations and underlying design philosophies of these wonderful but dangerous programming languages.
This content has a CC license. Feel free to use it for whatever you want. You may download the original PDF file from: http://www.pvv.org/~oma/DeepC_slides_oct2012.pdf
let us c(by yashwantkanetkar) solution chapter 4 solution 5th edition
Note:- I am not an expert. I am Engineering student. So my answer may have error or mistake
Hotel Management Presentation by Aryan Singh DhimanAryanSinghDhiman
This Presentation was made for class 12 computer science Hotel Management Project....
For further information or any query related about this project mail at- mr.aryan.01@outlook.com
Let's turn the table. Suppose your goal is to deliberately create buggy programs in C and C++ with serious security vulnerabilities that can be "easily" exploited. Then you need to know about things like stack smashing, shellcode, arc injection, return-oriented programming. You also need to know about annoying protection mechanisms such as address space layout randomization, stack canaries, data execution prevention, and more. These slides will teach you the basics of how to deliberately write insecure programs in C and C++.
A PDF version of the slides can be downloaded from my homepage: http://olvemaudal.com/talks
Here is a video recording of me presenting these slides at NDC 2014: http://vimeo.com/channels/ndc2014/97505677
Enjoy!
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);Joel Porquet
Guest-lecture given at UC Davis during my interview day in May of 2018.
Description: Using the printf() function is one of the very first steps every beginner learns when taking a programming class. It is also one of the most ubiquitous functions in software programs, across the many languages that define it. But how many programmers actually know how this common function works behind the scenes?
During this lecture, I will trace a brief history of printf(), delve into the nuts of bolts of a simple implementation through interactive coding, and branch out into interesting facts related to this function.
Secure Programming Practices in C++ (NDC Oslo 2018)Patricia Aas
Bjarne Stroustrup, the creator of C++, once said : “C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off.” He has also said : “Within C++, there is a much smaller and cleaner language struggling to get out.” Both are true.
This talk is for programmers wishing to feel more comfortable navigating the C++ landscape. Motivated by going through well known vulnerability patterns that have been used in exploits for decades, we will explore the programming culture that has developed around the C++ language. Specifically, we will look at programming patterns that navigate around or through some of the dangerous parts of the C++ language. The goal is to build a set of programming practices based in the “smaller and cleaner language” inside C++. And by doing so, we will also build an awareness around code constructs that can potentially “blow your whole leg off”.
Constructors, Destructors, call in parameterized Constructor, Multiple constructor in a class, Explicit/implicit call, Copy constructor, Dynamic Constructors and call in parameterized Constructor
Why functional programming and category theory strongly mattersPiotr Paradziński
Abstractions of Category Theory to define abstractions (Functor, Applicative, Monad, Comonad, Coyoneda) commonly used in functional programming (FP). Using definitions from Category Theory to reason about modular and composable design. Examples based on Haskell papers: Functional pearls translated to Scala.
Let us C (by yashvant Kanetkar) chapter 3 SolutionHazrat Bilal
All rights reserved. No part of this slide
may be reproduced, stored in a retrieval
system, or transmitted, in any form or by
any means, without the prior permission.
Programming is hard. Programming correct C and C++ is particularly hard. Indeed, both in C and certainly in C++, it is uncommon to see a screenful containing only well defined and conforming code.Why do professional programmers write code like this? Because most programmers do not have a deep understanding of the language they are using.While they sometimes know that certain things are undefined or unspecified, they often do not know why it is so. In these slides we will study small code snippets in C and C++, and use them to discuss the fundamental building blocks, limitations and underlying design philosophies of these wonderful but dangerous programming languages.
This content has a CC license. Feel free to use it for whatever you want. You may download the original PDF file from: http://www.pvv.org/~oma/DeepC_slides_oct2012.pdf
let us c(by yashwantkanetkar) solution chapter 4 solution 5th edition
Note:- I am not an expert. I am Engineering student. So my answer may have error or mistake
Hotel Management Presentation by Aryan Singh DhimanAryanSinghDhiman
This Presentation was made for class 12 computer science Hotel Management Project....
For further information or any query related about this project mail at- mr.aryan.01@outlook.com
Let's turn the table. Suppose your goal is to deliberately create buggy programs in C and C++ with serious security vulnerabilities that can be "easily" exploited. Then you need to know about things like stack smashing, shellcode, arc injection, return-oriented programming. You also need to know about annoying protection mechanisms such as address space layout randomization, stack canaries, data execution prevention, and more. These slides will teach you the basics of how to deliberately write insecure programs in C and C++.
A PDF version of the slides can be downloaded from my homepage: http://olvemaudal.com/talks
Here is a video recording of me presenting these slides at NDC 2014: http://vimeo.com/channels/ndc2014/97505677
Enjoy!
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);Joel Porquet
Guest-lecture given at UC Davis during my interview day in May of 2018.
Description: Using the printf() function is one of the very first steps every beginner learns when taking a programming class. It is also one of the most ubiquitous functions in software programs, across the many languages that define it. But how many programmers actually know how this common function works behind the scenes?
During this lecture, I will trace a brief history of printf(), delve into the nuts of bolts of a simple implementation through interactive coding, and branch out into interesting facts related to this function.
Secure Programming Practices in C++ (NDC Oslo 2018)Patricia Aas
Bjarne Stroustrup, the creator of C++, once said : “C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off.” He has also said : “Within C++, there is a much smaller and cleaner language struggling to get out.” Both are true.
This talk is for programmers wishing to feel more comfortable navigating the C++ landscape. Motivated by going through well known vulnerability patterns that have been used in exploits for decades, we will explore the programming culture that has developed around the C++ language. Specifically, we will look at programming patterns that navigate around or through some of the dangerous parts of the C++ language. The goal is to build a set of programming practices based in the “smaller and cleaner language” inside C++. And by doing so, we will also build an awareness around code constructs that can potentially “blow your whole leg off”.
Upping the APT hunting game: learn the best YARA practices from KasperskyKaspersky
Have you ever wondered how Kaspersky discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Costin Raiu, director of Kaspersky’s Global Research and Analysis Team (GReAT), will be sharing best practices on the use of YARA, an essential tool for APT hunters that can assist with the discovery of new malware samples, exploits and zero-days, speed up incident response, and increase your defenses by deploying custom rules inside your organization.
If you ever wanted to master YARA and achieve a new level of knowledge in APT detection, mitigation and response, now is your chance.
This brief webinar is based on Kaspersky’s exclusive training on YARA rules, which has already helped improve the APT detection strategies of many cybersecurity teams from leading businesses across the world. During the webinar, you will learn how to write test and improve effective YARA rules. You will also get a glimpse of some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with YARA.
This practical webinar is useful for security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT researchers and IT security staff. The content is suitable for both beginners and seasoned YARA users. The full webinar can be seen: https://kas.pr/92tr
Secure Programming Practices in C++ (NDC Security 2018)Patricia Aas
This talk is for programmers wishing to feel more comfortable navigating the C++ landscape. We will explore the programming culture that has developed around the C++ language. Specifically, we will look at programming patterns that navigate around or through some of the dangerous parts of the C++ language. The goal is to build a set of programming practices based in the “smaller and cleaner language” inside C++. And by doing so, we will also build an awareness around code constructs that can potentially “blows your whole leg off”.
Undefined Behavior and Compiler Optimizations can result in programs that display surprising behavior. In this presentation we look at some examples, and I hope to convince you that you should not reason about Undefined Behavior and that you should take care and use your tools.
100 bugs in Open Source C/C++ projects Andrey Karpov
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++.
Capture the Flag (CTF) are information security challenges. They are fun, but they also provide a opportunity to practise for real-world security challenges.
In this talk we present the concept of CTF. We focus on some tools used by our team, which can also be used to solve real-world problems.
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
This presentation has as objective to explain how 0day are found through Fuzzing technique. I’ll be explaining how you can create a fuzzer, what are types of fuzzing and types of targets. And how you can find a Buffer Overflow vulnerability and write your own exploit. PoC demos included, of course! (include 2 movies PoC).
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session we’d like to share our experience, including but not limited to:advanced vagrantfile configurationvm configuration tips for dev environment: performance,
debug, tuning,
our wtf moments
puphet/phansilbe: hot or not?
packaging a box
Test flawfinder. This program wont compile or run; thats notMoseStaton39
/* Test flawfinder. This program won't compile or run; that's not necessary
for this to be a useful test. */
#include <stdio.h>
#define hello(x) goodbye(x)
#define WOKKA "stuff"
main() {
printf("hello\n");
}
/* This is a strcpy(a, "\n"); test. */
int demo(char *a, char *b) {
strcpy(a, "\n"); // Did this work?
strcpy(a, gettext("Hello there")); // Did this work?
strcpy(b, a);
sprintf(s, "\n");
sprintf(s, "hello");
sprintf(s, "hello %s", bug);
sprintf(s, gettext("hello %s"), bug);
sprintf(s, unknown, bug);
printf(bf, x);
scanf("%d", &x);
scanf("%s", s);
scanf("%10s", s);
scanf("%s", s);
gets(f); // Flawfinder: ignore
printf("\\");
/* Flawfinder: ignore */
gets(f);
gets(f);
/* These are okay, but flawfinder version < 0.20 incorrectly used
the first parameter as the parameter for the format string */
syslog(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno))
syslog(LOG_CRIT,"malloc() failed");
/* But this one SHOULD trigger a warning. */
syslog(LOG_ERR, attacker_string);
}
demo2() {
char d[20];
char s[20];
int n;
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
memcpy(d,s);
CopyMemory(d,s);
lstrcat(d,s);
strncpy(d,s);
_tcsncpy(d,s);
strncat(d,s,10);
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
n = strlen(d);
/* This is wrong, and should be flagged as risky: */
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
/* This is also wrong, and should be flagged as risky: */
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
/* This is much better: */
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
/* This is much better: */
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));
/* This is an example of bad code - the third paramer is NULL, so it creates
a NULL ACL. Note that Flawfinder can't detect when a
SECURITY_DESCRIPTOR structure is manually created with a NULL value
as the ACL; doing so would require a tool that handles C/C++
and knows about types more that flawfinder currently does.
Anyway, this needs to be detected: */
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
/* This one is a bad idea - first param shouldn't be NULL */
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
/* Test interaction of quote characters */
printf("%c\n", 'x');
printf("%c\n", '"');
printf("%c\n", '\"');
printf("%c\n", '\'');
printf("%c\n", '\177');
printf("%c\n", '\xfe');
printf("%c\n", '\xd');
printf("%c\n", '\n');
printf("%c\n", '\\');
printf("%c\n", "'");
}
int getopt_example(int argc,char *argv[]) {
while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) ! ...
It is quite often that software developers have absolutely no clue about the cost of an error. It is very important that the error be found at the earliest possible stage.
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB
Asya is back, and so is Sherlock Holmes and his techniques to gather and analyze data from your poorly performing MongoDB clusters. In this advanced talk we take a deep look at all the diagnostic data that lives inside MongoDB - how to interrogate and interpret it to help you solve those frustrating performance bottlenecks that we all face occasionally.
Similar to Software Vulnerabilities in C and C++ (CppCon 2018) (20)
NDC TechTown 2023_ Return Oriented Programming an introduction.pdfPatricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.
Return Oriented Programming, an introductionPatricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of.
In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.
I can't work like this (KDE Academy Keynote 2021)Patricia Aas
Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".
Dependency Management in C++ (NDC TechTown 2021)Patricia Aas
C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.
Introduction to Memory Exploitation (Meeting C++ 2021)Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old.
We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.
Introduction to Memory Exploitation (CppEurope 2021)Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
Thoughts On Learning A New Programming LanguagePatricia Aas
How should we teach a new language to folks that already know how to program?
How do we use what we already know to leapfrog the learning process?
Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.
Trying to build an Open Source browser in 2020Patricia Aas
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.
We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.
Trying to build an Open Source browser in 2020Patricia Aas
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.
We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.
DevSecOps for Developers, How To Start (ETC 2020)Patricia Aas
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?
Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.
The Anatomy of an Exploit (NDC TechTown 2019)Patricia Aas
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used.
The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
Elections: Trust and Critical Infrastructure (NDC TechTown 2019)Patricia Aas
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.
We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?
The Anatomy of an Exploit (NDC TechTown 2019))Patricia Aas
Security vulnerabilities and secure coding is often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used.
The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
Elections, Trust and Critical Infrastructure (NDC TechTown)Patricia Aas
Free and correct elections are the linchpin of democracy. For a government to be formed based the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.
We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?
Survival Tips for Women in Tech (JavaZone 2019) Patricia Aas
Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before.
https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html
More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?
Chromium Sandbox on Linux (NDC Security 2019)Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Keynote: Deconstructing Privilege (C++ on Sea 2019)Patricia Aas
Can you describe a situation that caused you to realize you were privileged?
I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn.
In this talk I hope to make you realize that we all have privilege and to start a journey through self reflection to becoming Consciously Incompetent. I hope also to give some indicators and patterns that you can look for in your daily lives to recognize and maybe even to correct imbalances you see.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
3. Patricia Aas - Consultant
T
S
C++ Programmer, Application Security
Currently : T S
Previously : Vivaldi, Cisco Systems, Knowit, Opera Software
Master in Computer Science - main language Java
Pronouns: she/her
4. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
6. undefined behavior
“Examples of undefined behavior are memory accesses outside of array bounds, signed
integer overflow, null pointer dereference, modification of the same scalar more than
once in an expression without sequence points, access to an object through a pointer of a
different type, etc. Compilers are not required to diagnose undefined behavior (although
many simple situations are diagnosed), and the compiled program is not required to do
anything meaningful.”
http://en.cppreference.com/w/cpp/language/ub
@pati_gallardo
6
7. - Don’t reason about undefined
behaviour
- Assume that it crashes or is
never executed
- Changing compiler, compiler
version or optimization level
can break your application
Undefined Behaviour
8. Infinite Loop
int main(void) {
complex<int> delta;
complex<int> mc[4] = {0};
for(int di = 0; di < 4; di++, delta = mc[di])
cout << di << endl;
}
(Thanks to @shafikyaghmour) https://stackoverflow.com/questions/32506643/c-compilation-bug
Undefined Behavior:
Access out of bounds
@pati_gallardo
8
9. Infinite Loop
Want to give it a try?
Compiler Explorer
https://godbolt.org/g/TDjM8h
Wandbox
https://wandbox.org/permlink/aAFP2bMjA3um3L4K
Github
https://github.com/patricia-gallardo/insecure-coding-examples/
blob/master/vulnerable/infinite_loop.cpp
@pati_gallardo
(Thanks to @shafikyaghmour) https://stackoverflow.com/questions/32506643/c-compilation-bug9
10. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
12. CG: C++ Core Guidelines (328 pages!)
@pati_gallardo
13. SEI: CERT C++ Coding Standard (435 pages!)
@pati_gallardo
14. CWE : Common Weakness Enumeration (1572 pages!)
@pati_gallardo
15. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
18. CWE-14: Compiler Removal of Code to Clear Buffers
void GetData(char *MFAddr) {
char pwd[64];
if (GetPasswordFromUser(pwd, sizeof(pwd))) {
if (ConnectToMainframe(MFAddr, pwd)) {
// Interaction with mainframe
}
}
memset(pwd, 0, sizeof(pwd)); // <- Removed by the optimizer
}
SEI: MSC06-C. Beware of compiler optimizations
SEI: MEM03-C. Clear sensitive information stored in reusable resources
@pati_gallardo
18
19. Want to give it a try?
https://godbolt.org/g/FpEsht
SEI: MSC06-C. Beware of compiler optimizations
SEI: MEM03-C. Clear sensitive information stored in reusable resources
@pati_gallardo
19
CWE-14: Compiler Removal of Code to Clear Buffers
20. Memset_s : Zeroing Memory
// Compliant Solution (C11)
memset_s(pwd, 0, sizeof(pwd));
// Windows Solution
SecureZeroMemory(pwd, sizeof(pwd));
SEI: MSC06-C. Beware of compiler optimizations
SEI: MEM03-C. Clear sensitive information stored in reusable resources
@pati_gallardo
20
21. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
27. Write C code for shellcode Compile it
Put bytes in a char buffer Put jmp addr on ret addr
@pati_gallardo
27
Write inline assembly, eliminating zero bytes
28. Shellcode - code that gives you shell
int execve(
const char *filename,
char *const argv[],
char *const envp[]);
@pati_gallardo
Target Process
Vulnerable
Program
Target Process
/bin/sh
Shellcode
28
30. C code for our shellcode
#include <unistd.h>
int main(void) {
char *name[2];
name[0] = "/bin/sh";
name[1] = NULL;
execve(name[0], name, NULL);
}
@pati_gallardo
30
31. Write C code for shellcode Compile it
Put bytes in a char buffer Put jmp addr on ret addr
@pati_gallardo
Write inline assembly, eliminating zero bytes
31
32. int main(void) {
__asm__(
"jmp push_stringnt"
"pop_string: pop %rdint"
…
"push_string: call pop_stringnt"
".string "/bin/sh"nt"
);
}
@pati_gallardo
32
39. Shellcode - code that gives you shell
int execve(
const char *filename,
char *const argv[],
char *const envp[]);
@pati_gallardo
Target Process
Vulnerable
Program
Target Process
/bin/sh
Shellcode
39
41. Write C code for shellcode Compile it
Put bytes in a char buffer Put jmp addr on ret addr
@pati_gallardo
Write inline assembly, eliminating zero bytes
41
45. Write C code for shellcode Compile it
Put bytes in a char buffer Put jmp addr on ret addr
@pati_gallardo
Write inline assembly, eliminating zero bytes
45
46. int main(void) {
intptr_t *ret;
ret = (intptr_t *) &ret + 2;
(*ret) = (intptr_t) shellcode;
}
The Exploit: How to run your shell code
@pati_gallardo
46
50. Write direction vs Stack growing direction
100 char[5]: “ret” address 95
99 char[4]: “ret” address 95
98 char[3]: Shellcode
97 char[2]: Shellcode
96 char[1]: No-op
95 char[0]: No-op
Stack
grows
toward
lower
addresses
Instruction
addresses
also go
toward
higher
addresses
50
51. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
56. 1) CWE-190: Unsigned Integer Wraparound
int main(void) {
unsigned int first_len = UINT_MAX;
unsigned int second_len = 256;
unsigned int buf_len = 256;
char first[first_len], second[second_len], buf[buf_len];
if((first_len + second_len) <= 256) { // <- sum == 255
memcpy(buf, first, first_len);
memcpy(buf + first_len, second, second_len);
}
}
SEI-INT30-C. Ensure that unsigned integer operations do not wrap
@pati_gallardo
56
57. 2) CWE-190: Signed Integer Overflow
int main(void) {
int first_len = INT_MAX;
int second_len = 256;
int buf_len = 256;
char first[first_len], second[second_len], buf[buf_len];
if((first_len + second_len) <= 256) { // <- UB (negative)
memcpy(buf, first, first_len);
memcpy(buf + first_len, second, second_len);
}
}
SEI-INT32-C. Ensure that operations on signed integers do not result in
@pati_gallardo
57
58. 3) CWE-197: Numeric Truncation Error
int main(void) {
unsigned int first_len = UINT_MAX - 256;
unsigned int second_len = 256;
unsigned int buf_len = 256;
char first[first_len], second[second_len], buf[buf_len];
int new_len = (first_len+second_len); // IDB (negative)
if(new_len <= 256) {
memcpy(buf, first, first_len);
memcpy(buf + first_len, second, second_len);
}
} SEI-INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
@pati_gallardo
58
60. 4) CWE-121: Stack-based Buffer Overflow
int main(void) {
char buffer[10];
// CWE-242: Inherently Dangerous Function
gets(buffer); // <- Write outside
}
SEI-STR31-C. Guarantee that storage for str. has sufficient space for character data and the null terminator
@pati_gallardo
60
61. 5) CWE-122: Heap-based Buffer Overflow
int main(int argc, char * argv[]) {
char* buf = (char*)malloc(sizeof(char)*10);
strcpy(buf, argv[1]); // <- Write outside
free(buf);
}
SEI-ARR38-C. Guarantee that library functions do not form invalid pointers
@pati_gallardo
61
62. 6) CWE-124: Buffer Underwrite / Underflow
int main(void) {
char src[12];
strcpy(src, "Hello World");
size_t length = strlen(src);
int index = (length -1);
while (src[index] != ':') {
src[index] = '0';
index--;
}
}
SEI-ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
@pati_gallardo
62
63. 7) Use After Free
8) Double Free
@pati_gallardo
63
64. 7) CWE-416: Use After Free
int main(void) {
char* buffer = (char*)malloc (256);
bool error = true;
if (error)
free(buffer);
// [...]
printf("%lun", strlen(buffer)); //Use after free
}
SEI-MEM30-C. Do not access freed memory
@pati_gallardo
64
66. 9) Incorrect Type Conversion/Cast
10) Use of External Format String
@pati_gallardo
66
67. 9) CWE-704: Incorrect Type Conversion/Cast
struct A {};
struct B {};
int main(void) {
struct A * a = (struct A *) malloc (sizeof (struct A));
struct B * b = (struct B *) a; // cast to unrelated type
}
SEI-EXP05-CPP. Do not use C-style casts
@pati_gallardo
67
68. 10) CWE-134: Use of External Format String
int main(int argc, char * argv[]) {
char * format = argv[1];
char * str = argv[2];
printf(format, str);
}
$ ./format_string "%s %d" "Hello World"
Hello World 1745066888
SEI-FIO47-C. Use valid format strings
@pati_gallardo
68
69. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
72. Undefined Behavior
What specs exist?
Compiler Optimizations
Exploit Development 101
Exploitability
Take your vitamins
The Eight I'd Really Rather You Didn'ts
@pati_gallardo
73. The Eight I'd Really Rather You Didn'ts*
*The Eight Condiments (Pastafarianism)
@pati_gallardo
73
74. Caution: Don’t take me too
seriously. But seriously, think
about it! *wink*
@pati_gallardo
74
75. The Eight I'd Really
Rather You Didn'ts
1. Use C
2. Allocate with new
3. Do math a lot
4. Trust your external input
5. Use pointers a lot
6. Write “clever” code
7. Use shared_ptr a lot
8. Share state a lot
@pati_gallardo
75
76. 1. I'd Really Rather You Didn't:
Use CCG : CPL.1: Prefer C++ to C
@pati_gallardo
76
77. CG : R: Resource management
CG : R.11: Avoid calling new
and delete explicitly
2. I'd Really Rather You Didn't:
Allocate With New
@pati_gallardo
77
78. 3. I'd Really Rather You Didn't:
Do Math A Lot
@pati_gallardo
78
87. The Eight I'd Really
Rather You Didn'ts
1. Use C
2. Allocate with new
3. Do math a lot
4. Trust your external input
5. Use pointers a lot
6. Write “clever” code
7. Use shared_ptr a lot
8. Share state a lot
@pati_gallardo
87
88. 1. I'd Really Rather You Didn't:
Use CCG : CPL.1: Prefer C++ to C
@pati_gallardo
88
89. Std::string - Concatenate Strings
int main() {
std::string first = "Hello ";
std::string second = "World";
std::string buffer = first + second;
std::cout << buffer << "n";
}
@pati_gallardo
89
90. Std::cout/cin : Using the Command Line
int main(int argc, char * argv[]) {
std::string second;
std::cin >> second;
std::string first = argv[1];
std::string buffer = first + second;
std::cout << buffer << "n";
}
$ ./command_line "Hello "
World
Hello World
@pati_gallardo
90
91. Algorithms : Strip after Colon
int main() {
string str = "Hello:World";
auto colon = [](int ch) { return ch == ':'; };
auto first = find_if(rbegin(str), rend(str), colon);
str.erase(first.base(), end(str));
}
@pati_gallardo
91
92. C++ Casts : Safe Downcasting
class Spiderman {};
class Ironman {};
int main() {
Spiderman * peter = new Spiderman;
Ironman * tony = static_cast<Ironman*>(peter);
}
inheritance.cpp:6:20: error: static_cast from 'Spiderman *'
to 'Ironman *', which are not related by inheritance, is not
allowed
Ironman * tony = static_cast<Ironman*>(peter);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
@pati_gallardo
92
93. CG : R: Resource management
CG : R.11: Avoid calling new
and delete explicitly
2. I'd Really Rather You Didn't:
Allocate With New93
@pati_gallardo
94. Allocating on the Stack
#include "Hero.h"
int main()
{
Hero h;
}
@pati_gallardo
@pati_gallardo
95. Where is it?
Stack
Hero stackHero;
Heap
unique_ptr<Hero> heapHero =
make_unique<Hero>();
Hero * heapHero = new Hero();
@pati_gallardo
@pati_gallardo
96. Loving the Stack
#include <iostream>
#include <string>
using namespace std;
int main()
{
{
string s("Hello World!");
cout << s;
} // <- GC happens here!
}
@pati_gallardo
@pati_gallardo
97. Using the Stack To Manage Resource Lifetimes
Destroyed when exiting scope
Deterministic Garbage Collection
@pati_gallardo
98. Hold a Value on the Stack that
Controls The Lifetime of Your Heap
Allocated Object
using namespace std;
{
unique_ptr<Hero> myHero =
make_unique<Hero>();
shared_ptr<Hero> ourHero =
make_shared<Hero>();
}
Smart Pointers
@pati_gallardo
99. 3. I'd Really Rather You Didn't:
Do Math A Lot
@pati_gallardo
99
100. Primitive types have no semantics, only limits
Reduce the value space
Keep it within defined behavior
Enum class, string literals, user defined
literals, size_t
@pati_gallardo100
101. Enum Class
enum class Direction : char
{ NORTH = 'N', EAST = 'E', WEST = 'W', SOUTH = 'S' };
std::ostream& operator << (std::ostream& os, const Direction& obj) {
os << static_cast<std::underlying_type<Direction>::type>(obj);
return os;
}
int main() {
std::cout << "t" << Direction::NORTH << "n"
<< "t" << Direction::EAST << "n"
<< "t" << Direction::WEST << "n"
<< "t" << Direction::SOUTH << "n";
}
@pati_gallardo
101
103. 1) User Defined Literals
int main() {
auto h = 24_hours;
auto d = 7_days;
auto err = h + d;
}
user_defined_literals.cpp:25:21: error: invalid operands to
binary expression ('Hours' and 'Days')
auto err = hours + days;
~~~~~ ^ ~~~~
1 error generated.
@pati_gallardo
103
104. 2) User Defined Literals
struct Hours {
explicit Hours(unsigned long long n) : num(n) {}
unsigned long long num = 0;
};
struct Days {
explicit Days(unsigned long long n) : num(n) {}
unsigned long long num = 0;
};
@pati_gallardo
104
105. 3) User Defined Literals
Hours operator "" _hours(unsigned long long num) {
return Hours(num);
}
Days operator "" _days(unsigned long long num) {
return Days(num);
}
@pati_gallardo
105
106. Use Size_t for Sizes
- Unsigned integer type
- Result of the sizeof
operator
- Use for object sizes
- Use for array indexing and
loop counting
@pati_gallardo
106
112. Bjarne Stroustrup
“C makes it easy to shoot yourself in the
foot; C++ makes it harder, but when you do
it blows your whole leg off.”
@pati_gallardo
112