This document discusses format string vulnerabilities in programming. It begins by explaining what a format string is in C and how it can be exploited if the format string is controlled by an attacker. It then provides examples of format string vulnerabilities, how to define them, and their importance. The document analyzes a specific vulnerability in the cfingerd 1.4.3 program and discusses how to prevent format string vulnerabilities through safe programming practices.
This document discusses format string attacks and how they can be exploited. It provides an example (fsa.c) of a program with a format string vulnerability. By compiling the program without protections and disabling ASLR, an attacker can view the program stack using different format strings. This allows viewing memory at any location and overwriting arbitrary memory by exploiting the %n field. So a format string vulnerability can be used to overwrite return addresses and execute shellcode.
This document discusses control hijacking attacks that aim to take control of a victim's machine by exploiting vulnerabilities in programs. It covers different types of attacks like buffer overflow attacks, integer overflow attacks, and format string vulnerabilities. These attacks work by injecting attack code or parameters to abuse vulnerabilities and modify memory to redirect the control flow. The document also discusses defenses like choosing programming languages with strong typing and automatic checks, auditing software, and adding runtime checks using techniques like stack canaries to detect exploits and prevent code execution.
Buffer overflows occur when a program allows user input that exceeds the maximum buffer size, overflowing into adjacent memory and potentially altering the program flow. This is a common security issue that has been exploited in many worms. Proper bounds checking on all buffers and techniques like StackGuard and static analysis can help prevent buffer overflows. Other memory corruption issues also exist, such as format string vulnerabilities and integer overflows.
Buffer overflows occur when more data is written to a buffer than it was designed to hold, corrupting the call stack. This can allow arbitrary code execution or modification of return addresses. Developers should use safe string functions, validate user input, grant least privileges, and use compiler tools to help prevent buffer overflows. Reporting vulnerabilities and keeping up to date on security bulletins is also important.
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
Valgrind overview: runtime memory checker and a bit more aka использование #v...Minsk Linux User Group
Sergei Trofimovich «Valgrind overview: runtime memory checker and a bit more aka использование #valgrind на селе»
Доклад на майской линуксовке MLUG 2013
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...sanghwan ahn
The document discusses system hacking and reverse engineering techniques. It provides an introduction to vulnerabilities and types of vulnerabilities. The document outlines two tracks - the first introduces bugs, crashes, vulnerabilities, exploitation and defense mechanisms. The second track discusses different types of vulnerabilities like buffer overflows, format string bugs, and use-after-free vulnerabilities. It explains the principles and exploitation of stack and heap overflows.
The document provides a summary of common mistakes made in C programming. It discusses issues like memory padding in structs, new line characters differences between Windows and Linux, binary mode in fopen(), potential crashes with strncpy(), only using memset() to initialize to zero, reading limits with fgets(), non-null terminated strings, include guards, getting thread IDs, and buffer overflows from writing outside array bounds. The purpose is to introduce common mistakes programmers make in C code and provide experiences to write better code.
This document discusses format string attacks and how they can be exploited. It provides an example (fsa.c) of a program with a format string vulnerability. By compiling the program without protections and disabling ASLR, an attacker can view the program stack using different format strings. This allows viewing memory at any location and overwriting arbitrary memory by exploiting the %n field. So a format string vulnerability can be used to overwrite return addresses and execute shellcode.
This document discusses control hijacking attacks that aim to take control of a victim's machine by exploiting vulnerabilities in programs. It covers different types of attacks like buffer overflow attacks, integer overflow attacks, and format string vulnerabilities. These attacks work by injecting attack code or parameters to abuse vulnerabilities and modify memory to redirect the control flow. The document also discusses defenses like choosing programming languages with strong typing and automatic checks, auditing software, and adding runtime checks using techniques like stack canaries to detect exploits and prevent code execution.
Buffer overflows occur when a program allows user input that exceeds the maximum buffer size, overflowing into adjacent memory and potentially altering the program flow. This is a common security issue that has been exploited in many worms. Proper bounds checking on all buffers and techniques like StackGuard and static analysis can help prevent buffer overflows. Other memory corruption issues also exist, such as format string vulnerabilities and integer overflows.
Buffer overflows occur when more data is written to a buffer than it was designed to hold, corrupting the call stack. This can allow arbitrary code execution or modification of return addresses. Developers should use safe string functions, validate user input, grant least privileges, and use compiler tools to help prevent buffer overflows. Reporting vulnerabilities and keeping up to date on security bulletins is also important.
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
Valgrind overview: runtime memory checker and a bit more aka использование #v...Minsk Linux User Group
Sergei Trofimovich «Valgrind overview: runtime memory checker and a bit more aka использование #valgrind на селе»
Доклад на майской линуксовке MLUG 2013
System Hacking Tutorial #1 - Introduction to Vulnerability and Type of Vulner...sanghwan ahn
The document discusses system hacking and reverse engineering techniques. It provides an introduction to vulnerabilities and types of vulnerabilities. The document outlines two tracks - the first introduces bugs, crashes, vulnerabilities, exploitation and defense mechanisms. The second track discusses different types of vulnerabilities like buffer overflows, format string bugs, and use-after-free vulnerabilities. It explains the principles and exploitation of stack and heap overflows.
The document provides a summary of common mistakes made in C programming. It discusses issues like memory padding in structs, new line characters differences between Windows and Linux, binary mode in fopen(), potential crashes with strncpy(), only using memset() to initialize to zero, reading limits with fgets(), non-null terminated strings, include guards, getting thread IDs, and buffer overflows from writing outside array bounds. The purpose is to introduce common mistakes programmers make in C code and provide experiences to write better code.
AddressSanitizer and ThreadSanitizer are tools for finding bugs and vulnerabilities in the Chrome browser and server applications. AddressSanitizer detects buffer overflows and use-after-free errors. ThreadSanitizer detects data races in C++ and Go code. MemorySanitizer detects uninitialized memory reads. The tools use compiler instrumentation and run-time libraries to monitor memory accesses and detect errors. Over 1000 bugs have been found using these tools in Chrome and Google server applications.
Valgrind is an open source tool for debugging and profiling Linux x86 programs. It uses dynamic binary instrumentation to detect memory errors like use of uninitialized values, memory leaks, and invalid reads/writes. It includes tools like Memcheck for memory errors, Massif for heap profiling, Helgrind for data race detection, and Callgrind for call graph and profiling information. The presentation discusses how Valgrind works, its various tools, and best practices for using it to improve code quality and find bugs.
Evgeniy Muralev, Mark Vince, Working with the compiler, not against itSergey Platonov
The talk will look at limitations of compilers when creating fast code and how to make more effective use of both the underlying micro-architecture of modern CPU's and how algorithmic optimizations may have surprising effects on the generated code. We shall discuss several specific CPU architecture features and their pros and cons in relation to creating fast C++ code. We then expand with several algorithmic techniques, not usually well-documented, for making faster, compiler friendly, C++.
Note that we shall not discuss caching and related issues here as they are well documented elsewhere.
Rust LDN 24 7 19 Oxidising the Command LineMatt Provost
The document discusses various techniques for building command line utilities in Rust, including handling broken pipes, reading input byte-by-byte or line-by-line, reading from stdin or files, and handling non-UTF8 arguments. It provides code examples of reading from stdin, handling broken pipes gracefully, and collecting command line arguments as OsStrings to support non-UTF8 values. The document concludes by advertising open jobs at Yelp and providing contact information.
Learn about Linux on System z debugging with Valgrind, one of the most prominent debugging tools for Linux.For more information, visit http://ibm.co/PNo9Cb.
100 bugs in Open Source C/C++ projects Andrey Karpov
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++.
I sometimes feel quite embarrassed when examining bugs in software projects. Many of these bugs inhabit the code for many years, and you just can't help wondering how the program still manages to run at all with a hundred mistakes and defects. And it does work somehow. And people do manage to use it. It holds true not only for code drawing a video game pockemon, but for math libraries too. Your guess is right - we'll speak about the math library Scilab and its analysis results in this article.
This document provides an overview of system hacking and reverse engineering techniques. It introduces various buffer overflow exploitation methods like overwriting the return address, structured exception handling, egg hunting, and return-oriented programming on Windows, Unix-like, and ARM platforms. Specific exploitation steps are demonstrated, such as overwriting the return address in a stack-based buffer overflow to redirect execution to shellcode. The document also provides an example exploit targeting a Windows application vulnerable to a stack-based buffer overflow through crafted playlist files.
Valgrind is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable. You can also perform detailed profiling to help speed up your programs.
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
Charlie Miller and Vincenzo Iozzo presented techniques for post-exploitation on the iPhone 2 including:
1. Running arbitrary shellcode by overwriting memory protections and calling vm_protect to mark pages as read/write/executable.
2. Loading an unsigned dynamic library called Meterpreter by mapping it over an existing signed library, patching dyld to ignore code signing, and forcing unloaded of linked libraries.
3. Adding new functionality to Meterpreter, such as a module to vibrate and play a sound on the iPhone, demonstrating how payloads can be extended once loaded into memory.
Whether you call yourself a system administrator, developer, or DevOps sprint mediator, life is too short for sloppy shell scripts! In this talk, we look at how to improve them to stand the test of time. Michael will share how to create a good foundation for your scripts, so they run more reliable now and in the future. Your (future) colleagues might love you for it.
Focus areas of this presentation include error handling, security, style, and best practices. Also, it will cover (many) mistakes made by Michael over the last 20 years.
Handling inline assembly in Clang and LLVMMin-Yih Hsu
The document discusses how inline assembly is processed in Clang and LLVM. It outlines the target-specific logic involved at each stage, including operand constraint validation in Clang, lowering operands to LLVM IR, and printing different operand types in the assembler. Target-specific callbacks for inline assembly handling are scattered throughout Clang and LLVM. The goals are to learn the inline assembly workflow and provide documentation for backend developers to add support.
Valgrind is a suite of tools for debugging and profiling C and C++ programs. Memcheck is its most popular tool for detecting memory errors like leaks, accesses to uninitialized memory, and invalid reads/writes. It works by instrumenting the program binary to track "V-bits" and "A-bits" associated with each value and memory location. When the program is executed, Memcheck checks these bits to detect errors and produces detailed error reports with stack traces. The tutorial provides instructions on running Memcheck, understanding its output, and using options like suppressions and attaching a debugger. It also briefly describes how Memcheck works and lists some other Valgrind tools.
It is quite often that software developers have absolutely no clue about the cost of an error. It is very important that the error be found at the earliest possible stage.
The document provides instructions for preparing for a bioinformatics course on December 17th, 2014. It instructs students to install Perl and Java software by specified dates. The outline for the course covers topics like scripting with Perl and Python, working with databases and genome browsers, and using artificial intelligence tools like WEKA for classification and clustering.
The document discusses system hacking and reverse engineering techniques. It introduces egg hunting, which searches a process's memory to locate and execute injected shellcode when only a small buffer is available for exploitation. Egg hunting code consists of an egg hunter, marker, and shellcode. The egg hunter searches for the marker and jumps to it, then the shellcode executes. Various exploitation techniques are covered for Windows, Unix-like systems and ARM.
Better Embedded 2013 - Detecting Memory Leaks with ValgrindRigels Gordani
Valgrind is a tool for detecting memory leaks and errors. It works with existing executables without needing to recompile. Valgrind's MemCheck tool can detect issues like memory leaks, out of bounds access, and use of undefined values. It provides details on errors, including the line of code that causes the issue. Valgrind can be run from the command line or integrated into IDEs like QtCreator and Eclipse to help debug memory problems.
Rust tutorial from Boston Meetup 2015-07-22nikomatsakis
The document discusses various topics related to learning and using the Rust programming language. It begins with an introduction to some of Rust's core concepts like ownership and borrowing which provide memory safety without garbage collection. It then covers everyday usage of Rust including common data types, modules, cargo, and derives. The document also demonstrates concepts like methods, enums, slices, iterators, and privacy. It concludes by recommending additional resources for learning more about Rust.
This lab document describes using the Metasploit framework to perform exploits against Windows systems. It consists of six sections: installing Metasploit, adding a remote user to Windows XP, gaining remote command shell access to Windows XP, using DLL injection to open a remote VNC connection, remotely installing a rootkit on Windows, and setting up the Metasploit web interface. The document provides background on exploit frameworks and payloads, and guides students through exercises to complete each section.
This presentation explores the makeup of several common file formats, discusses common vulnerabilities associated with media formats, and details auditing for bugs stemming from improper handling of media files.
Overview of hacking techniques used to attack modern web applications focused on application layer. Cross Site Scripting, SQL Injection, Buffer Overflow, Phishing attacks presented.
AddressSanitizer and ThreadSanitizer are tools for finding bugs and vulnerabilities in the Chrome browser and server applications. AddressSanitizer detects buffer overflows and use-after-free errors. ThreadSanitizer detects data races in C++ and Go code. MemorySanitizer detects uninitialized memory reads. The tools use compiler instrumentation and run-time libraries to monitor memory accesses and detect errors. Over 1000 bugs have been found using these tools in Chrome and Google server applications.
Valgrind is an open source tool for debugging and profiling Linux x86 programs. It uses dynamic binary instrumentation to detect memory errors like use of uninitialized values, memory leaks, and invalid reads/writes. It includes tools like Memcheck for memory errors, Massif for heap profiling, Helgrind for data race detection, and Callgrind for call graph and profiling information. The presentation discusses how Valgrind works, its various tools, and best practices for using it to improve code quality and find bugs.
Evgeniy Muralev, Mark Vince, Working with the compiler, not against itSergey Platonov
The talk will look at limitations of compilers when creating fast code and how to make more effective use of both the underlying micro-architecture of modern CPU's and how algorithmic optimizations may have surprising effects on the generated code. We shall discuss several specific CPU architecture features and their pros and cons in relation to creating fast C++ code. We then expand with several algorithmic techniques, not usually well-documented, for making faster, compiler friendly, C++.
Note that we shall not discuss caching and related issues here as they are well documented elsewhere.
Rust LDN 24 7 19 Oxidising the Command LineMatt Provost
The document discusses various techniques for building command line utilities in Rust, including handling broken pipes, reading input byte-by-byte or line-by-line, reading from stdin or files, and handling non-UTF8 arguments. It provides code examples of reading from stdin, handling broken pipes gracefully, and collecting command line arguments as OsStrings to support non-UTF8 values. The document concludes by advertising open jobs at Yelp and providing contact information.
Learn about Linux on System z debugging with Valgrind, one of the most prominent debugging tools for Linux.For more information, visit http://ibm.co/PNo9Cb.
100 bugs in Open Source C/C++ projects Andrey Karpov
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++.
I sometimes feel quite embarrassed when examining bugs in software projects. Many of these bugs inhabit the code for many years, and you just can't help wondering how the program still manages to run at all with a hundred mistakes and defects. And it does work somehow. And people do manage to use it. It holds true not only for code drawing a video game pockemon, but for math libraries too. Your guess is right - we'll speak about the math library Scilab and its analysis results in this article.
This document provides an overview of system hacking and reverse engineering techniques. It introduces various buffer overflow exploitation methods like overwriting the return address, structured exception handling, egg hunting, and return-oriented programming on Windows, Unix-like, and ARM platforms. Specific exploitation steps are demonstrated, such as overwriting the return address in a stack-based buffer overflow to redirect execution to shellcode. The document also provides an example exploit targeting a Windows application vulnerable to a stack-based buffer overflow through crafted playlist files.
Valgrind is a GPL'd system for debugging and profiling Linux programs. With Valgrind's tool suite you can automatically detect many memory management and threading bugs, avoiding hours of frustrating bug-hunting, making your programs more stable. You can also perform detailed profiling to help speed up your programs.
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
Charlie Miller and Vincenzo Iozzo presented techniques for post-exploitation on the iPhone 2 including:
1. Running arbitrary shellcode by overwriting memory protections and calling vm_protect to mark pages as read/write/executable.
2. Loading an unsigned dynamic library called Meterpreter by mapping it over an existing signed library, patching dyld to ignore code signing, and forcing unloaded of linked libraries.
3. Adding new functionality to Meterpreter, such as a module to vibrate and play a sound on the iPhone, demonstrating how payloads can be extended once loaded into memory.
Whether you call yourself a system administrator, developer, or DevOps sprint mediator, life is too short for sloppy shell scripts! In this talk, we look at how to improve them to stand the test of time. Michael will share how to create a good foundation for your scripts, so they run more reliable now and in the future. Your (future) colleagues might love you for it.
Focus areas of this presentation include error handling, security, style, and best practices. Also, it will cover (many) mistakes made by Michael over the last 20 years.
Handling inline assembly in Clang and LLVMMin-Yih Hsu
The document discusses how inline assembly is processed in Clang and LLVM. It outlines the target-specific logic involved at each stage, including operand constraint validation in Clang, lowering operands to LLVM IR, and printing different operand types in the assembler. Target-specific callbacks for inline assembly handling are scattered throughout Clang and LLVM. The goals are to learn the inline assembly workflow and provide documentation for backend developers to add support.
Valgrind is a suite of tools for debugging and profiling C and C++ programs. Memcheck is its most popular tool for detecting memory errors like leaks, accesses to uninitialized memory, and invalid reads/writes. It works by instrumenting the program binary to track "V-bits" and "A-bits" associated with each value and memory location. When the program is executed, Memcheck checks these bits to detect errors and produces detailed error reports with stack traces. The tutorial provides instructions on running Memcheck, understanding its output, and using options like suppressions and attaching a debugger. It also briefly describes how Memcheck works and lists some other Valgrind tools.
It is quite often that software developers have absolutely no clue about the cost of an error. It is very important that the error be found at the earliest possible stage.
The document provides instructions for preparing for a bioinformatics course on December 17th, 2014. It instructs students to install Perl and Java software by specified dates. The outline for the course covers topics like scripting with Perl and Python, working with databases and genome browsers, and using artificial intelligence tools like WEKA for classification and clustering.
The document discusses system hacking and reverse engineering techniques. It introduces egg hunting, which searches a process's memory to locate and execute injected shellcode when only a small buffer is available for exploitation. Egg hunting code consists of an egg hunter, marker, and shellcode. The egg hunter searches for the marker and jumps to it, then the shellcode executes. Various exploitation techniques are covered for Windows, Unix-like systems and ARM.
Better Embedded 2013 - Detecting Memory Leaks with ValgrindRigels Gordani
Valgrind is a tool for detecting memory leaks and errors. It works with existing executables without needing to recompile. Valgrind's MemCheck tool can detect issues like memory leaks, out of bounds access, and use of undefined values. It provides details on errors, including the line of code that causes the issue. Valgrind can be run from the command line or integrated into IDEs like QtCreator and Eclipse to help debug memory problems.
Rust tutorial from Boston Meetup 2015-07-22nikomatsakis
The document discusses various topics related to learning and using the Rust programming language. It begins with an introduction to some of Rust's core concepts like ownership and borrowing which provide memory safety without garbage collection. It then covers everyday usage of Rust including common data types, modules, cargo, and derives. The document also demonstrates concepts like methods, enums, slices, iterators, and privacy. It concludes by recommending additional resources for learning more about Rust.
This lab document describes using the Metasploit framework to perform exploits against Windows systems. It consists of six sections: installing Metasploit, adding a remote user to Windows XP, gaining remote command shell access to Windows XP, using DLL injection to open a remote VNC connection, remotely installing a rootkit on Windows, and setting up the Metasploit web interface. The document provides background on exploit frameworks and payloads, and guides students through exercises to complete each section.
This presentation explores the makeup of several common file formats, discusses common vulnerabilities associated with media formats, and details auditing for bugs stemming from improper handling of media files.
Overview of hacking techniques used to attack modern web applications focused on application layer. Cross Site Scripting, SQL Injection, Buffer Overflow, Phishing attacks presented.
DrupalCamp London 2017 - Web site insecurity George Boobyer
Common threats to web security with real world case studies of compromised sites,
- A 'dissection' of a typical common exploit tool and how it operates,
- Simple approaches to mitigating common threats/vulnerabilities,
- Defence in depth – an overview of the various components of web security,
- Drupal specific measures that standard penetration testing often does not account for.
An overview of how to benefit from:
- Security monitoring and log analysis
- Intrusion Detection Systems & Firewalls
- Security headers and Content Security Policies (CSP).
see Drupal Camp London for full details:
http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
Oracle ASM Training covers database and storage concepts, ASM architecture, installation and configuration of ASMLIB, creating and managing ASM disk groups, best practices for ASM configuration, and migrating databases to ASM. The document includes an agenda with topics on ASM, ASMLIB, disk groups, files, redundancy, rebalancing, and troubleshooting. It also lists office locations for consulting services.
CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)Sam Bowne
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
This document summarizes a study on zero-day vulnerabilities and exploits. The study obtained rare access to data on zero-day vulnerabilities and exploits to analyze metrics like life status, longevity, collision rates, and development costs. Some key findings include: 1) exploits have an average lifespan of 6.9 years after discovery before being patched, but 25% will last less than 1.5 years and 25% will last over 9.5 years, 2) after 1 year, approximately 5.7% of vulnerabilities in a stockpile will be discovered and disclosed by others, and 3) once an exploitable vulnerability is found, the median time to develop a working exploit is 22 days. The results provide insights to inform policy debates on
This document discusses format string vulnerabilities in C and C++ programs. It begins with an overview of format string vulnerabilities, including how they allow attackers to perform unauthorized reads and writes of memory. It then covers various types of format string attacks and examples of exploits. The document concludes with recommendations for mitigations, such as using format specifiers consistently, compiler flags to validate formats, and techniques like address space layout randomization.
The document discusses format string vulnerabilities, which occur when user-supplied input containing format specifiers is used without validation in functions like printf(). Format strings allow viewing process memory, crashing programs, or overwriting memory locations like the instruction pointer. While buffer overflows have thousands of exploits, format string vulnerabilities are less common but easier to find due to programmer mistakes. Exploiting format strings can lead to privilege escalation, crashes, or arbitrary code execution. Examples of past vulnerabilities are discussed.
This document discusses format string vulnerabilities in C programs. It explains that if a program passes user input directly to a printf statement, an attacker can craft the input as a format string to control how the printf function operates. This allows viewing memory, crashing programs, and writing arbitrary values to memory by abusing how printf interprets format specifiers like %s, %x and %n. Countermeasures include compiler checks on format string usage and address space randomization.
Buffer overflows occur when a program writes more data to a buffer than it is configured to hold. This can overwrite adjacent memory and compromise the program. Common types of buffer overflows include stack overflows, heap overflows, and format string vulnerabilities. Buffer overflows have been exploited by major computer worms to spread, including the Morris worm in 1988 and the SQL Slammer worm in 2003. Techniques like canaries can help detect buffer overflows by placing check values between buffers and control data. Programming best practices like bounds checking and safe string functions can prevent buffer overflows.
The document provides an overview of the C programming language. It states that C was developed in 1972 by Dennis Ritchie at Bell Labs and was used to develop the UNIX operating system. The document then covers various features of C like it being a mid-level programming language, having structured programming, pointers, loops, functions, arrays, and more. It provides examples to explain concepts like input/output functions, data types, operators, control structures, and pointers.
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. The event is focused on introducing and teaching the 'Trust Rust can Entrust' on coding to Young developers and engineers who make the web better and more secure!, to train developers, students, mozillians and budding programmers on Rust. Never wrote a single line of code in Rust? Don’t worry, most of us are just starting off. The Rust programming language will be important to the future of the web, making it safe and great.
C is a general-purpose programming language developed in the 1970s. It was created by Dennis Ritchie at Bell Labs to be used for the Unix operating system. Some key features of C include it being a mid-level language, supporting structured programming, having a rich standard library, and allowing for pointers and recursion. A simple "Hello World" program in C prints a message using printf and waits for input with getch. C supports various data types, operators, control structures like if/else and loops, functions, arrays, and pointers.
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
This document provides an outline for a lecture on software security. It introduces the lecturer, Roman Oliynykov, and covers various topics related to software vulnerabilities like buffer overflows, heap overflows, integer overflows, and format string vulnerabilities. It provides examples of vulnerable code and exploits, and recommendations for writing more secure code to avoid these vulnerabilities.
COMP 2103X1 Assignment 2Due Thursday, January 26 by 700 PM.docxdonnajames55
COMP 2103X1 Assignment 2
Due Thursday, January 26 by 7:00 PM
General information about assignments (important!):
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/General-info.html
Information on passing in assignments:
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/Pass-in-info.html
Information on coding style:
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/C-coding-style-notes
[1] A filter program is a program which reads its input from “standard input” (“stdin”) and writes
its output to “standard output” (“stdout”). Filter programs are useful because they make it easy
to combine the functions they provide to solve more complex problems using the standard shell
facilities. Filter programs are also nice to write, because the programmer doesn’t have to worry
about writing code to open and close files, nor does the programmer have to worry about dealing
with related error conditions. In some respects, filter programs are truly “win-win”.
Write a filter program which uses getchar() to read in characters from stdin, continuing until
end of file (read the man page and/or textbook to see the details on getchar(), or, heaven forbid,
review the class slides). Your program must count the number of occurrences of each character in
the input. After having read all of the input, it outputs a table similar to the one below which, for
each character seen at least once, lists the total number of times that character was seen as well as
its relative frequency (expressed as a percentage). Note that the characters \n, \r, \t, \0, \a, \b,
\f, and \v (see man ascii) must be displayed with the appropriate “escape sequence”. Ordinary
printable characters must be output as themselves. Non-printable characters (see man isprint)
must be printed with their three-digit octal code (see man printf).
You can get input into a filter program (a2p1 in this case) in three ways:
(a) “pipe” data from another program into it, like
$ echo blah blah | a2p1
(b) “redirect” the contents of a file into the program, like
$ a2p1 < some-file
(c) type at the keyboard, and (eventually) type ^D (control-d) at the beginning of a line to
signify end of file.
Your output must look like the following, for this sample case:
$ echo ^Aboo | a2p1
Char Count Frequency
--------------------------
001 1 20.00%
\n 1 20.00%
b 1 20.00%
o 2 40.00%
Note: in the above examples, and from now on in this course’s assignments, text in red is text that
the human types, and a “$" at the beginning of a line like that represents the shell prompt.
1
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/General-info.html
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/Pass-in-info.html
http://cs.acadiau.ca/~jdiamond/comp2103/assignments/C-coding-style-notes
Note that I entered a ^A (control-a, not the circumflex character followed by the capital A) by
typing ^V^A. The ^V tells your shell that you want it to interpret the next character literally, rather
than to use any special meani.
The document provides an overview of the Arduino programming language and hardware. It describes the basic structure of an Arduino program with setup() and loop() functions. It lists the main data types and functions for digital and analog input/output, time, math, random numbers, serial communication and more. It also provides information on libraries, the Arduino board pins and components, and compares Arduino to the Processing language.
BufferOverflow - Offensive point of ViewToe Khaing
The document discusses buffer overflow vulnerabilities from an offensive perspective. It defines buffers and how overflow occurs when more data is received than expected, overwriting other data in memory. The two main types are stack-based and heap-based overflows. Examples of each are provided, as well as how to discover and exploit such vulnerabilities through blackbox, graybox, and whitebox testing methods. Ways to avoid buffer overflows through bounds checking and use of higher-level programming languages are also mentioned.
The document summarizes secure coding practices for middleware systems presented at a technical forum. It discusses vulnerabilities found in various middleware systems like Condor, SRB, and MyProxy through static analysis. Common issues included buffer overflows, integer errors, race conditions, and lack of error handling. The presentation recommends techniques like bounds checking, error checking, and synchronization to address these issues in middleware coding.
This document discusses format string vulnerabilities, how they work, and how they differ from buffer overflows. It introduces common format string functions like printf and sprintf, and explains how format specifiers like %s and %d are passed to these functions. It notes that exploiting format strings was discovered later than buffer overflows and has resulted in fewer exploits due to being easier for programmers to detect and fix.
Static analysis tools analyze source code without executing it to detect vulnerabilities and errors. They can find issues like buffer overflows, security flaws, memory leaks and other bugs. Popular free and commercial static analysis tools for C/C++ include Flawfinder, RATS, Coverity, CodeSonar and Splint. RATS is an open source tool that scans source code for matches to vulnerability rules defined in XML databases. It produces warnings of potential issues to guide manual code inspection and improvement. However, static tools have limitations like not expanding macros and missing context, so manual review is still needed.
The document discusses Java's stream-based input/output capabilities provided by the java.io package. It describes the different types of streams like input streams, output streams, binary streams, character streams. It covers classes like InputStream, OutputStream, DataInputStream, DataOutputStream and how to read from and write to files using FileInputStream and FileOutputStream. It also discusses formatting output, accessing files and directories, and filtering stream content.
The document discusses input and output in C programming. It covers:
1) The stdin, stdout, and stderr devices that are automatically opened for input/output and some common I/O library functions that use these devices.
2) The printf function for formatted output to stdout, including format specifiers and examples.
3) The scanf function for formatted input from stdin using a similar format specifier syntax as printf. It also discusses getting input from files using redirection.
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
The document discusses fuzzing as a technique for finding bugs and vulnerabilities in software. It covers different types of fuzzing targets like protocols, applications, and file formats. It also discusses different types of fuzzing attacks and fuzzers. The document then provides an example of using fuzzing to discover a buffer overflow vulnerability in a vulnerable application called ASX-to-MP3 Converter. It demonstrates generating an exploit payload that overwrites EIP to redirect execution to shellcode injected in the ESP register, which is used to spawn a reverse shell back to the attacker's machine.
"Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit ...PVS-Studio
Microsoft have given open access to the source code of a tool kit that is used in the company to speed up the development of artificial intelligence: Computational Network Toolkit is now available at Github. The developers had to create their own custom solution, because the existing tools did not work fast enough.
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++. All the errors have been found with the PVS-Studio static code analyzer.
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
Learning spark ch01 - Introduction to Data Analysis with Spark
References to Spark Course
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
Firewall - Network Defense in Depth Firewallsphanleson
This document discusses key concepts related to network defense in depth. It defines common terms like firewalls, DMZs, IDS, and VPNs. It also covers techniques for packet filtering, application inspection, network address translation, and virtual private networks. The goal of defense in depth is to implement multiple layers of security and not rely on any single mechanism.
This document discusses wireless security and protocols such as WEP, WPA, and 802.11i. It describes weaknesses in WEP such as vulnerabilities in the RC4 encryption algorithm that allow attacks like dictionary attacks. It introduces WPA as an improvement over WEP that uses stronger encryption keys, protocols like TKIP that change keys dynamically, and AES encryption in 802.11i as stronger alternatives. It also discusses authentication methods like 802.1X that distribute unique keys to each user to address issues with shared keys in WEP.
Authentication in wireless - Security in Wireless Protocolsphanleson
The document discusses authentication protocols for wireless devices. It begins by describing the authentication problem and some basic client-server protocols. It then introduces the challenge-response protocol which aims to prevent replay attacks by including a random number in the response. However, this protocol is still vulnerable to man-in-the-middle and reflection attacks. The document proposes improvements like including an identifier in the hashed response to prevent message manipulation attacks. Overall, the document provides an overview of authentication challenges for wireless devices and the development of challenge-response protocols to address these issues.
HBase In Action - Chapter 04: HBase table designphanleson
HBase In Action - Chapter 04: HBase table design
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
HBase In Action - Chapter 10 - Operationsphanleson
HBase In Action - Chapter 10: Operations
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
Hbase in action - Chapter 09: Deploying HBasephanleson
Hbase in action - Chapter 09: Deploying HBase
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
This chapter discusses Spark Streaming and provides an overview of its key concepts. It describes the architecture and abstractions in Spark Streaming including transformations on data streams. It also covers input sources, output operations, fault tolerance mechanisms, and performance considerations for Spark Streaming applications. The chapter concludes by noting how knowledge from Spark can be applied to streaming and real-time applications.
This chapter discusses Spark SQL, which allows querying Spark data with SQL. It covers initializing Spark SQL, loading data from sources like Hive, Parquet, JSON and RDDs, caching data, writing UDFs, and performance tuning. The JDBC server allows sharing cached tables and queries between programs. SchemaRDDs returned by queries or loaded from data represent the data structure that SQL queries operate on.
Learning spark ch07 - Running on a Clusterphanleson
This chapter discusses running Spark applications on a cluster. It describes Spark's runtime architecture with a driver program and executor processes. It also covers options for deploying Spark, including the standalone cluster manager, Hadoop YARN, Apache Mesos, and Amazon EC2. The chapter provides guidance on configuring resources, packaging code, and choosing a cluster manager based on needs.
This chapter introduces advanced Spark programming features such as accumulators, broadcast variables, working on a per-partition basis, piping to external programs, and numeric RDD operations. It discusses how accumulators aggregate information across partitions, broadcast variables efficiently distribute large read-only values, and how to optimize these processes. It also covers running custom code on each partition, interfacing with other programs, and built-in numeric RDD functionality. The chapter aims to expand on core Spark concepts and functionality.
Learning spark ch05 - Loading and Saving Your Dataphanleson
The document discusses various file formats and methods for loading and saving data in Spark, including text files, JSON, CSV, SequenceFiles, object files, and Hadoop input/output formats. It provides examples of loading and saving each of these file types in Python, Scala, and Java code. The examples demonstrate how to read data from files into RDDs and DataFrames and how to write RDD data out to files in the various formats.
Learning spark ch04 - Working with Key/Value Pairsphanleson
Learning spark ch04 - Working with Key/Value Pairs
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
Learning spark ch01 - Introduction to Data Analysis with Spark
References to Spark Course
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
XML FOR DUMMIES
The document is a chapter from the book "XML for Dummies" that introduces XML. It discusses what XML is, including that it is a markup language and is flexible for exchanging data. It also examines common uses of XML such as classifying information, enforcing rules on data, and outputting information in different ways. Additionally, it clarifies what XML is not, namely that it is not just for web pages, not a database, and not a programming language. The chapter concludes by discussing how to build an XML document using editors that facilitate markup and enforce document rules.
This document discusses the differences between HTML, XML, and XHTML. It covers how XHTML combines the structure of XML with the familiar tags of HTML. Key points include:
- HTML was designed for displaying web pages, XML for data exchange, and XHTML uses HTML tags with XML syntax.
- XML allows custom tags, separates content from presentation, and is self-describing, while HTML focuses on display.
- Converting to XHTML requires following XML syntax rules like closing all tags, using empty element syntax, proper nesting, and lowercase tags and attribute quotes.
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Building Production Ready Search Pipelines with Spark and Milvus
2.Format Strings
1. Course 2: Programming Issues,
Section 2
Pascal Meunier, Ph.D., M.Sc., CISSP
May 2004; updated July 30, 2004
Developed thanks to the support of Symantec Corporation,
NSF SFS Capacity Building Program (Award Number 0113725)
and the Purdue e-Enterprise Center
Copyright (2004) Purdue Research Foundation. All rights reserved.
2. Course 2 Learning Plan
Buffer Overflows
Format String Vulnerabilities
Code Injection and Input Validation
Cross-site Scripting Vulnerabilities
Links and Race Conditions
Temporary Files and Randomness
Canonicalization and Directory Traversal
3. Learning objectives
Learn that format strings are interpreted, therefore
are similar to code
Understand the definition of a format string
vulnerability
Know how they happen
Know how to format strings safely with regular "C"
functions
Learn other defenses against the exploitation of
format string vulnerabilities
4. Format String Issues: Outline
Introduction to format strings
Fundamental "C" problem
Examples
Definition
Importance
Survey of unsafe functions
Case study: analysis of cfingerd 1.4.3 vulnerabilities
Preventing format string vulnerabilities without
programming
Lab: Find and fix format string vulnerabilities
Tools to find string format issues
5. What is a Format String?
In “C”, you can print using a format string:
printf(const char *format, ...);
printf(“Mary has %d cats”, cats);
– %d specifies a decimal number (from an int)
– %s would specify a string argument,
– %X would specify an unsigned uppercase hexadecimal
(from an int)
– %f expects a double and converts it into decimal notation,
rounding as specified by a precision argument
– etc...
6. Fundamental "C" Problem
No way to count arguments passed to a "C"
function, so missing arguments are not detected
Format string is interpreted: it mixes code and data
What happens if the following code is run?
int main () {
printf("Mary has %d cats");
}
7. Result
% ./a.out
Mary has -1073742416 cats
Program reads missing arguments off the stack!
– And gets garbage (or interesting stuff if you want to probe
the stack)
8. Probing the Stack
Read values off stack
Confidentiality violations
printf(“%08X”)
x (X) is unsigned hexadecimal
0: with ‘0’ padding
8 characters wide: ‘0XAA03BF54’
4 bytes = pointer on stack, canary, etc...
9. User-specified Format String
What happens if the following code is run,
assuming there always is an argument input by a
user?
int main(int argc, char *argv[])
{
printf(argv[1]);
exit(0);
}
Try it and input "%s%s%s%s%s%s%s%s%s"
How many "%s" arguments do you need to crash
it?
10. Result
% ./a.out "%s%s%s%s%s%s%s"
Bus error
Program was terminated by OS
– Segmentation fault, bus error, etc... because the program
attempted to read where it wasn't supposed to
User input is interpreted as string format (e.g., %s,
%d, etc...)
Anything can happen, depending on input!
How would you correct the program?
11. Corrected Program
int
main(int argc, char *argv[])
{
printf(“%s”, argv[1]);
exit(0);
}
% ./a.out "%s%s%s%s%s%s%s"
%s%s%s%s%s%s%s
12. Format String Vulnerabilities
Discovered relatively recently ~2000
Limitation of “C” family languages
Versatile
– Can affect various memory locations
– Can be used to create buffer overflows
– Can be used to read the stack
Not straightforward to exploit, but examples of root
compromise scripts are available on the web
– "Modify and hack from example"
13. Definition of a Format String Vulnerability
A call to a function with a format string argument,
where the format string is either:
– Possibly under the control of an attacker
– Not followed by the appropriate number of arguments
As it is difficult to establish whether a data string
could possibly be affected by an attacker, it is
considered very bad practice to place a string to
print as the format string argument.
– Sometimes the bad practice is confused with the actual
presence of a format string vulnerability
14. How Important Are Format String
Vulnerabilities?
Search NVD (icat) for “format string”:
– 115 records in 2002
– 153 total in 2003
– 173 total in April 2004
– 363 in February 2006
Various applications
– Databases (Oracle)
– Unix services (syslog, ftp,...)
– Linux “super” (for managing setuid functions)
– cfingerd CVE-2001-0609
Arbitrary code execution is a frequent consequence
15. Functions Using Format Strings
printf - prints to"stdout" stream
fprintf - prints to stream
warn - standard error output
err - standard error output
setproctitle - sets the invoking process's title
sprintf(char *str, const char *format, ...);
– sprintf prints to a buffer
– What’s the problem with that?
16. Sprintf Double Whammy
format string AND buffer overflow issues!
Buffer and format string are usually on the stack
Buffer overflow rewrites the stack using values in
the format string
17. Better Functions Than sprintf
Note that these don't prevent format string
vulnerabilities:
– snprintf(char *str, size_t size, const char *format, ...);
sprintf with length check for "size"
– asprintf(char **ret, const char *format, ...);
sets *ret to be a pointer to a buffer sufficiently large to hold
the formatted string (note the potential memory leak).
18. Custom Functions Using Format Strings
It is possible to define custom functions taking
arguments similar to printf.
wu-ftpd 2.6.1 proto.h
– void reply(int, char *fmt,...);
– void lreply(int, char *fmt,...);
– etc...
Can produce the same kinds of vulnerabilities if an
attacker can control the format string
19. Write Anything Anywhere
"%n" format command
Writes a number to the location specified by
argument on the stack
– Argument treated as int pointer
Often either the buffer being written to, or the raw input, are
somewhere on the stack
– Attacker controls the pointer value!
– Writes the number of characters written so far
Keeps counting even if buffer size limit was reached!
“Count these characters %n”
All the gory details you don't really need to know:
– Newsham T (2000) "Format String Attacks"
20. Case Study: Cfingerd 1.4.3
Finger replacement
– Runs as root
– Pscan output: (CVE-2001-0609)
defines.h:22 SECURITY: printf call should have "%s" as
argument 0
main.c:245 SECURITY: syslog call should have "%s" as
argument 1
main.c:258 SECURITY: syslog call should have "%s" as
argument 1
standard.c:765 SECURITY: printf call should have "%s" as
argument 0
etc... (10 instances total)
– Discovery: Megyer Laszlo, a.k.a. "Lez"
21. Cfingerd Analysis
Most of these issues are not exploitable, but one is,
indirectly at that...
Algorithm (simplified):
– Receive an incoming connection
get the fingered username
– Perform an ident check (RFC 1413) to learn and log the
identity of the remote user
– Copy the remote username into a buffer
– Copy that again into "username@remote_address"
remote_address would identify attack source
– Answer the finger request
– Log it
22. Cfingerd Vulnerabilities
A string format vulnerability giving root access:
– Remote data (ident_user) is used to construct the
format string:
– snprintf(syslog_str, sizeof(syslog_str),
"%s fingered from %s",
username, ident_user
);
syslog(LOG_NOTICE, (char *) syslog_str);
An off-by-one string manipulation (buffer overflow)
vulnerability that
– prevents remote_address from being logged (useful if
attack is unsuccessful, or just to be anonymous)
– Allows ident_user to be larger (and contain shell code)
23. Cfingerd Buffer Overflow Vulnerability
memset(uname, 0, sizeof(uname));
for (xp=uname;
*cp!='0' && *cp!='r' &&
*cp!='n'
&& strlen(uname) < sizeof(uname);
cp++
)
*(xp++) = *cp;
Off-by-one string handling error
– uname is not NUL-terminated!
– because strlen doesn't count the NUL
It will stop copying when strlen goes reading off
outside the buffer
24. Direct Effect of Off-by-one Error
char buf[BUFLEN], uname[64];
"uname" and "buf" are "joined" as one string!
So, even if only 64 characters from the input are
copied into "uname", string manipulation functions
will work with "uname+buf" as a single entity
"buf" was used to read the response from the
ident server so it is the raw input
25. Consequences of Off-by-one Error
1) Remote address is not logged due to size
restriction:
snprintf(bleah, BUFLEN, "%s@%s", uname,
remote_addr);
Can keep trying various technical adjustments
(alignments, etc...) until the attack works, anonymously
2) There's enough space for format strings,
alignment characters and shell code in buf (~60
bytes for shell code):
Rooted (root compromise) when syslog call is made
i.e., cracker gains root privileges on the computer
(equivalent to LocalSystem account)
26. Preventing Format String Vulnerabilities
1) Always specify a format string
Most format string vulnerabilities are solved by specifying
"%s" as format string and not using the data string as
format string
2) If possible, make the format string a constant
Extract all the variable parts as other arguments to the call
Difficult to do with some internationalization libraries
3) If the above two practices are not possible, use
defenses such as FormatGuard (see next slides)
– Rare at design time
– Perhaps a way to keep using a legacy application and
keep costs down
– Increase trust that a third-party application will be safe
27. Windows
Demo code for format string exploit in Howard and
Leblanc (2nd Ed.)
– Same mechanisms as in UNIX-type systems
– Prevented the same way
28. Defenses Against Exploitation
FormatGuard
– Use compiler macro tricks to count arguments passed
Special header file
– Patch to glibc
Printf wrapper that counts the arguments needed by format
string and verifies against the count of arguments passed
– Kill process if mismatch
What’s the problem with that?
29. FormatGuard Limitations
What do you do if there's a mismatch in the
argument count?
– Terminate it (kill)
Not complete fix, but DoS preferable to root compromise
– If process is an important process that gets killed, Denial-
of-Service attacks are still possible
Although if you only manage to kill a "child process"
processing your own attack, there's no harm done
30. FormatGuard Limitations (Cont.)
Doesn't work when program bypasses
FormatGuard by using own printf version or library
– wu-ftpd had its own printf
– gftp used Glib library
– Side note: See how custom versions of standard
functions make retrofit solutions more difficult?
Code duplication makes patching more difficult
Secure programming is the most secure option
31. Code Scanners
Pscan searches for format string functions called
with the data string as format string
– Can also look for custom functions
Needs a helper file that can be generated automatically
– Pscan helper file generator at
http://www.cerias.purdue.edu/homes/pmeunier/dir_pscan.html
– Few false positives
http://www.striker.ottawa.on.ca/~aland/pscan/
32. gcc Options
-Wformat (man gcc)
– "Check calls to "printf" and "scanf", etc., to make sure that
the arguments supplied have types appropriate to the
format string specified, and that the conversions specified
in the format string make sense. "
– Also checks for null format arguments for several functions
-Wformat also implies -Wnonnull
-Wformat-nonliteral (man gcc)
– "If -Wformat is specified, also warn if the format string is
not a string literal and so cannot be checked, unless the
format function takes its format arguments as a "va_list"."
33. gcc Options
-Wformat-security (man gcc)
– "If -Wformat is specified, also warn about uses of format
functions that represent possible security problems. At
present, this warns about calls to "printf" and "scanf"
functions where the format string is not a string literal and
there are no format arguments, as in "printf (foo);". This
may be a security hole if the format string came from
untrusted input and contains %n. (This is currently a
subset of what -Wformat-nonliteral warns about, but in
future warnings may be added to -Wformat-security that
are not included in -Wformat-nonliteral.)"
-Wformat=2
– Equivalent to -Wformat -Wformat-nonliteral -Wformat-
security.
34. Making gcc Look for Custom Functions
Function attributes
– Keyword "__attribute__" followed by specification
– For format strings, use "__attribute__ ((format))"
– Example:
my_printf (void *my_object,
const char *my_format, ...)
__attribute__ ((format (printf, 2, 3)));
gcc can help you find functions that might benefit
from a format attribute:
– Switch: "-Wmissing-format-attribute"
– Prints "warning: function might be possible
candidate for `printf' format attribute"
when appropriate
35. Lab
Jared wrote a server program with examples of
format string vulnerabilities
– Get it from the USB keyring, web site or FTP server
(follow the instructor's directions)
Usage
– Compile with 'make vuln_server'
– Run with './vuln_server 5555'
– Open another shell window and type 'telnet localhost
5555'
– Find and fix all format string vulnerabilities
– Try the gcc switches
36. First Lab Vulnerability
What happens when you type in the string "Hello
world!"? ( it's printed back in reverse)
Type in a long string (more than 100 characters). It
should crash. Where is the buffer overflow?
Fix the buffer overflow, recompile, and
demonstrate that it doesn't crash on long input
lines any more.
Bonus: Can you get a shell?
– We didn't teach how to do that because our primary goal
is to teach how to avoid the vulnerabilities, and as this lab
demonstrates, you can do that without knowing how to
get a shell
37. Second Lab Vulnerability
1) Where is the format string problem?
2) How do you crash the program? Hint: use %s
3) How do you print the contents of memory to
divulge the secret which is 0xdeadc0de? Hint: use
%08x
4) Bonus: Can you get a shell?
40. About These Slides
You are free to copy, distribute, display, and perform the work; and
to make derivative works, under the following conditions.
– You must give the original author and other contributors credit
– The work will be used for personal or non-commercial educational uses
only, and not for commercial activities and purposes
– For any reuse or distribution, you must make clear to others the terms of
use for this work
– Derivative works must retain and be subject to the same conditions, and
contain a note identifying the new contributor(s) and date of modification
– For other uses please contact the Purdue Office of Technology
Commercialization.
Developed thanks to the support of Symantec
Corporation