CRAX stands for CRash analysis for Automatic eXploit generation. CRAX aims at generating software exploit automatically by analyzing software crashes with symbolic execution. CRAX is not only focusing on Linux/Windows applications, but also taking steps to web techniques (XSS and SQL injection) and mobile platform (Android) hacking.
CRAX stands for CRash analysis for Automatic eXploit generation. CRAX aims at generating software exploit automatically by analyzing software crashes with symbolic execution. CRAX is not only focusing on Linux/Windows applications, but also taking steps to web techniques (XSS and SQL injection) and mobile platform (Android) hacking.
When Shuttle is building as an solution provider, it need a slide to let partners understand what the future looks like.
This slide meant to be an ice breaker.
新創市場機會與價值評估2016 july Finding Fertile GroundJouston Huang
2016 July 15新北市創力坊的演講:我的IDEA有機會嗎?
2016 July 16 presentation in Inno Square, New Taipei City. The main topic is about "Finding Fertile Ground" and "Value Proposition" with real case in those eight steps.
Baab (Bug as a Backdoor) through automatic exploit generation (CRAX)Shih-Kun Huang
This paper presents a new method, capable of automatically generating attacks on binary programs from software crashes.We analyze software crashes with a symbolic failure model by performing concolic executions following the failure directed paths, using a whole system environment model and concrete address mapped symbolic memory in S2E. We propose a new selective symbolic input method and lazy evaluation on pseudo symbolic
variables to handle symbolic pointers and speed up the process. This is an end-to-end approach able to create exploits from crash inputs or existing exploits for various applications, including most of the existing benchmark programs, and several large scale applications,
such as a word processor (Microsoft office word), a media
player (mpalyer), an archiver (unrar), or a pdf reader (foxit).We can deal with vulnerability types including stack and heap overflows, format string, and the use of uninitialized variables. Notably, these applications have become software fuzz testing targets, but still require
a manual process with security knowledge to produce mitigation-hardened exploits. Using this method to generate exploits is an automated process for software failures without source code. The proposed method is simpler, more general, faster, and can be scaled to larger programs than existing systems. We produce the exploits within one minute for most of the benchmark programs, including mplayer.We also transform existing exploits of Microsoft
office word into new exploits within four minutes. The best speedup is 7,211 times faster than the initial attempt. For heap overflow vulnerability, we can automatically exploit the unlink() macro of glibc, which formerly requires sophisticated hacking efforts.
Global SDN-IP Deployment at NCTU, TaiwanFei Ji Siao
Introduction to Overview of ONOS SDN-IP at NCTU, Taiwan
Ping-Chun Huang (pichuang@cs.nctu.edu.tw)
Min-Cheng Chan (charles@onlab.us)
Prof. Bao-Shuh Paul Lin (bplin@mail.nctu.edu.tw)
Prof. Chieo-Chao Tseng (cctseng@cs.nctu.edu.tw)
Reference:
Global SDN-IP Deployment at NCTU, Taiwan https://youtu.be/a8LR1DyzGY4
ONOS Lightning Talk: Global SDN deployment powered by ONOS https://youtu.be/orI2FtyxN1I
A brief introduction on Mozilla Webmaker, from idea, tools, to community.
Check http://present.bobchao.net/presentation:mozilla-webmaker for more information, includes video clips of demo.
When Shuttle is building as an solution provider, it need a slide to let partners understand what the future looks like.
This slide meant to be an ice breaker.
新創市場機會與價值評估2016 july Finding Fertile GroundJouston Huang
2016 July 15新北市創力坊的演講:我的IDEA有機會嗎?
2016 July 16 presentation in Inno Square, New Taipei City. The main topic is about "Finding Fertile Ground" and "Value Proposition" with real case in those eight steps.
Baab (Bug as a Backdoor) through automatic exploit generation (CRAX)Shih-Kun Huang
This paper presents a new method, capable of automatically generating attacks on binary programs from software crashes.We analyze software crashes with a symbolic failure model by performing concolic executions following the failure directed paths, using a whole system environment model and concrete address mapped symbolic memory in S2E. We propose a new selective symbolic input method and lazy evaluation on pseudo symbolic
variables to handle symbolic pointers and speed up the process. This is an end-to-end approach able to create exploits from crash inputs or existing exploits for various applications, including most of the existing benchmark programs, and several large scale applications,
such as a word processor (Microsoft office word), a media
player (mpalyer), an archiver (unrar), or a pdf reader (foxit).We can deal with vulnerability types including stack and heap overflows, format string, and the use of uninitialized variables. Notably, these applications have become software fuzz testing targets, but still require
a manual process with security knowledge to produce mitigation-hardened exploits. Using this method to generate exploits is an automated process for software failures without source code. The proposed method is simpler, more general, faster, and can be scaled to larger programs than existing systems. We produce the exploits within one minute for most of the benchmark programs, including mplayer.We also transform existing exploits of Microsoft
office word into new exploits within four minutes. The best speedup is 7,211 times faster than the initial attempt. For heap overflow vulnerability, we can automatically exploit the unlink() macro of glibc, which formerly requires sophisticated hacking efforts.
Global SDN-IP Deployment at NCTU, TaiwanFei Ji Siao
Introduction to Overview of ONOS SDN-IP at NCTU, Taiwan
Ping-Chun Huang (pichuang@cs.nctu.edu.tw)
Min-Cheng Chan (charles@onlab.us)
Prof. Bao-Shuh Paul Lin (bplin@mail.nctu.edu.tw)
Prof. Chieo-Chao Tseng (cctseng@cs.nctu.edu.tw)
Reference:
Global SDN-IP Deployment at NCTU, Taiwan https://youtu.be/a8LR1DyzGY4
ONOS Lightning Talk: Global SDN deployment powered by ONOS https://youtu.be/orI2FtyxN1I
A brief introduction on Mozilla Webmaker, from idea, tools, to community.
Check http://present.bobchao.net/presentation:mozilla-webmaker for more information, includes video clips of demo.
數據分析的世界,最重要的能力是能問對問題(確認分析目的),再來才是探討如何用數據解決它。數據分析工具眾多,能應用的產品也不少,但主要關鍵指標一通百通。
本次分享將從何謂網站分析開始,介紹分析主要會使用的關鍵指標,並進行基本數據判讀。適合有 Google Analytics 帳號,但卻不知道如何將關鍵指標與日常營運結合的非營利組織朋友,快來一起進入數據分析的世界吧!
Similar to 給 FLOSS 社群網站管理志工的網站分析入門 - 以 Google Analytics 為例 (20)
39. 事件設定模式
類別 操作 標籤
Movie Play Can't Touch This
Movie Play 鋼鐵人電視購物
Movie Play Hello 甄嬛
Movie Play-CTT
Movie Play-IRON
Movie Play-HelloZH
Movie-1 Play Can't Touch This
Movie-2 Play 鋼鐵人電視購物
Movie-3 Play Hello 甄嬛