FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks
•Download as PPT, PDF•
0 likes•308 views
The document summarizes FORECAST, a system that can automatically generate accurate context-aware signatures for control-hijacking attacks from a single instance. FORECAST instruments programs to log all memory updates, allowing it to identify control and data dependencies at runtime. When an attack is detected, the memory update log is used to generate a signature representing each attack packet as a regular expression. FORECAST was tested on several network services and able to generate accurate signatures within seconds.
Report
Share
Report
Share
![Alexey Smirnov, Huijia Lin, and Tzi-cker Chiueh Experimental Computer Systems Lab, Department of Computer Science, SUNY Stony Brook FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks Contact Information ECSL Lab at SUNY Stony Brook: http://www.ecsl.cs.sunysb.edu E-mail: {alexey,lhj,chiueh}@cs.sunysb.edu Evaluation Test suite: named — a DNS daemon from BIND 8.1 program ghttpd — an HTTP server drcatd — a remote cat program squid – web caching daemon passlogd – syslog sniffer. Instrumentation Overheads: Signatures Evaluation: named signature ghttpd signature FORECAST System Architecture FORCAST compiler is an extension to GNU C Compiler. FORECAST run-time library has functions for attack detection, packet identification, and signature generation. The main idea is to log each memory update that a program performs at run-time in a memory updates log. At compile time , FORECAST instruments the program so that it can generate log records and detect an attack. At run-time , the instrumented program generates memory updates log records and uses this information when an attack is detected. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],FTP Sever Example A vulnerable FTP server code Memory updates log Saved return address is in buf[17] FTP server GET multi-packet attack Signature char buf [ 16 ]; Is_auth = is_user =0; // user not authenticated initially while (1) { recv_packet( p ); if (! strncmp ( p , “QUIT”,4)) break ; if (! strncmp ( p , “USER”, 4)) { is_user =1; continue ; } if (! strncmp ( p , “PASS”, 4) && is_user ) { is_auth =1; continue ; } if (! is_auth ) continue ; // authentication required if (! strncmp ( p , “GET”, 3)) { strcpy ( buf , p+4 ); // overflow occurs send_file( buf ); } } Attack Detection Most control-hijacking attacks modify a control sensitive data structure in the victim program, for example a return address. The attacker gets control when the function returns. At the function prolog, the return address is stored in the return address repository. At the function epilog, the return address on the stack is compared with the value stored in the return address repository. If they are different then an attack is detected. Control and Data Dependencies A data dependency is created between variable X and Y when X=Y is executed. A control dependency is created between X and Y when Y defines X’s value using a conditional expression: if (Y>1) X=1; else X=2. For each conditional and loop expression FORECAST inserts a special log record . Memory updates log allows to identify control and data dependencies. Using data dependencies only is insufficient, for example for an FTP server that requires authentication. Memory Updates Logging Memory updates log record: For assignment statement X = Y, For X = Y + Z, an entry is created for each operand. Standard library functions are proxied: recv(socket, &buf, sizeof(buf), 0) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](https://image.slidesharecdn.com/forecastposter-091113083520-phpapp01/85/FORECAST-Fast-Generation-of-Accurate-Context-Aware-Signatures-of-Control-Hijacking-Attacks-1-320.jpg)
Recommended
GEM - GNU C Compiler Extensions Framework
GCC is a widely used open source compiler. It consists of frontends for languages like C and C++ and backends that generate code for different CPU architectures. The GCC Extensibility Made Easy (GEM) framework allows dynamically loading modules to extend GCC functionality. Examples include adding new language features, improving security, and facilitating operating system development.
DUSK - Develop at Userland Install into Kernel
DUSK is a framework that allows kernel modules to be developed at the user level by compiling them into a user-level program while still maintaining the performance of running in the kernel. It uses helper functions to connect the user-level component to the kernel-level component, allowing things like debugging and testing to be done at the user level. DUSK supports Netfilter modules initially and aims to provide an easier development process for kernel modules.
grsecurity and PaX
In this talk, Gil Yankovitch discusses the PaX patch for the Linux kernel, focusing on memory manager changes and security mechanisms for memory allocations, reads, writes from user/kernel space and ASLR.
GCC, GNU compiler collection
GCC is a widely used open source compiler system developed by the GNU Project. It compiles C, C++, Java, Fortran and other languages. GCC has undergone major changes to its structure since 2005, including the addition of GENERIC and GIMPLE intermediate representations between the front end and back end. The front end parses source code into ASTs, then GIMPLE trees are optimized through many passes in the middle end before being converted to RTL for the back end code generation.
不深不淺,帶你認識 LLVM (Found LLVM in your life)
如果你問我什麼是LLVM,我會想說它是 Compiler 界的 iPhone,當年會做手機的公司這麼多,偏偏 Apple 這個後來者不但居上,還引領手機概念的風潮。LLVM 也正是這個角色,我們的生活愈來愈多產品的開發都與 LLVM 息息相關。它不只「炫」還很「屌」,這幾年 Apple, Google, Microsoft 一個個開始都有大型專案使用到 LLVM,在領域面只要與編譯器有相關從Machine Learning, RISC-V, JVM, Virtual Machine, Blockchain 都運用了 LLVM,科技進步成這樣了,你還能不知道什麼是 LLVM 嗎!
GCC LTO
The document describes the GCC Link Time Optimization (LTO) compilation process. It shows how GCC and the linker communicate via a transfer vector in the liblto_plugin.so library. GCC generates LTO objects and passes symbol information to the linker. The lto-wrapper driver then performs the LTO and code generation steps, outputting new object files for the linker to incorporate into the final executable.
08 - Return Oriented Programming, the chosen one
Return oriented programming (ROP) allows an attacker to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It works by identifying small "gadgets" in a program's code that end with a return instruction. These gadgets can be stitched together to perform operations or redirect execution flow. First, gadgets are found in the program using tools like ROPeMe or objdump. Useful gadgets include those that load registers from memory or call functions indirectly. The gadgets can then be chained to build ROP payloads that copy shellcode into memory and pivot the stack to execute it.
C Under Linux
This document provides an overview of the C programming language under Linux, covering preprocessing, compiling, assembling, linking, libraries, and related tools. It discusses:
1. The four main steps of preprocessing, compiling, assembling, and linking using GNU tools like cpp, cc1, as, and collect2.
2. How to display symbol tables using nm and strip symbols from executables.
3. Creating static libraries with ar and ranlib and linking them, as well as creating shared libraries with gcc and soname.
4. The roles of environment variables like LIBRARY_PATH and LD_LIBRARY_PATH in locating libraries.
Recommended
GEM - GNU C Compiler Extensions Framework
GCC is a widely used open source compiler. It consists of frontends for languages like C and C++ and backends that generate code for different CPU architectures. The GCC Extensibility Made Easy (GEM) framework allows dynamically loading modules to extend GCC functionality. Examples include adding new language features, improving security, and facilitating operating system development.
DUSK - Develop at Userland Install into Kernel
DUSK is a framework that allows kernel modules to be developed at the user level by compiling them into a user-level program while still maintaining the performance of running in the kernel. It uses helper functions to connect the user-level component to the kernel-level component, allowing things like debugging and testing to be done at the user level. DUSK supports Netfilter modules initially and aims to provide an easier development process for kernel modules.
grsecurity and PaX
In this talk, Gil Yankovitch discusses the PaX patch for the Linux kernel, focusing on memory manager changes and security mechanisms for memory allocations, reads, writes from user/kernel space and ASLR.
GCC, GNU compiler collection
GCC is a widely used open source compiler system developed by the GNU Project. It compiles C, C++, Java, Fortran and other languages. GCC has undergone major changes to its structure since 2005, including the addition of GENERIC and GIMPLE intermediate representations between the front end and back end. The front end parses source code into ASTs, then GIMPLE trees are optimized through many passes in the middle end before being converted to RTL for the back end code generation.
不深不淺,帶你認識 LLVM (Found LLVM in your life)
如果你問我什麼是LLVM,我會想說它是 Compiler 界的 iPhone,當年會做手機的公司這麼多,偏偏 Apple 這個後來者不但居上,還引領手機概念的風潮。LLVM 也正是這個角色,我們的生活愈來愈多產品的開發都與 LLVM 息息相關。它不只「炫」還很「屌」,這幾年 Apple, Google, Microsoft 一個個開始都有大型專案使用到 LLVM,在領域面只要與編譯器有相關從Machine Learning, RISC-V, JVM, Virtual Machine, Blockchain 都運用了 LLVM,科技進步成這樣了,你還能不知道什麼是 LLVM 嗎!
GCC LTO
The document describes the GCC Link Time Optimization (LTO) compilation process. It shows how GCC and the linker communicate via a transfer vector in the liblto_plugin.so library. GCC generates LTO objects and passes symbol information to the linker. The lto-wrapper driver then performs the LTO and code generation steps, outputting new object files for the linker to incorporate into the final executable.
08 - Return Oriented Programming, the chosen one
Return oriented programming (ROP) allows an attacker to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It works by identifying small "gadgets" in a program's code that end with a return instruction. These gadgets can be stitched together to perform operations or redirect execution flow. First, gadgets are found in the program using tools like ROPeMe or objdump. Useful gadgets include those that load registers from memory or call functions indirectly. The gadgets can then be chained to build ROP payloads that copy shellcode into memory and pivot the stack to execute it.
C Under Linux
This document provides an overview of the C programming language under Linux, covering preprocessing, compiling, assembling, linking, libraries, and related tools. It discusses:
1. The four main steps of preprocessing, compiling, assembling, and linking using GNU tools like cpp, cc1, as, and collect2.
2. How to display symbol tables using nm and strip symbols from executables.
3. Creating static libraries with ar and ranlib and linking them, as well as creating shared libraries with gcc and soname.
4. The roles of environment variables like LIBRARY_PATH and LD_LIBRARY_PATH in locating libraries.
Instruction Combine in LLVM
Introduction to instruction combine in LLVM, including instcombine optimization pass, DAGCombine, and MachineCombiner.
First session quiz
The document contains a quiz on C programming concepts for embedded systems with 7 questions and their answers. It discusses key topics like:
1) The compiler translates C code to machine code like AVR assembly. Compiling has steps like preprocessing, compilation, assembly, and linking.
2) A native compiler compiles for the current machine, while a cross compiler compiles for another machine.
3) Libraries provide reusable functions through header and implementation files, and can call functions from other libraries.
It also notes that C is well-suited for embedded systems due to direct memory access, portability across compilers, and ability to generate assembly for microcontrollers.
CNIT 127 Ch 2: Stack overflows on Linux
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S18.shtml
Specialized Compiler for Hash Cracking
This document describes john-devkit, an experiment to generate optimized C code for hash cracking algorithms in John the Ripper. It aims to separate algorithms, optimizations, and device-specific code to improve performance and scalability. Early results show speed improvements for some formats over John the Ripper's default implementation. The document discusses optimizations like interleaving, vectorization, and early reject that can be applied to any algorithm without effort. It also describes the intermediate language and optimizations specific to password cracking used by john-devkit to generate optimized output code.
ocelot
The document describes several passes that are performed by PTXOptimizer to optimize PTX code for GPU execution. The passes include subkernel formation, barrier removal, register allocation, and MIMD thread scheduling. The goals of the passes are to reduce kernel loading time, reduce thread waiting at barriers, increase data sharing between threads, and enable more parallel thread execution.
[COSCUP 2021] A trip about how I contribute to LLVM
Douglas Chen presented on his contributions to LLVM. He discussed his motivation with CppNameLint and Clang-Tidy projects. He covered the workflows for Phabricator code reviews, building and testing code, and provided tips for contributors. He shared moments from his experience like design changes, invalid options, and how clang-tidy and tests work. He emphasized reading documentation and discussing with reviewers when facing issues.
Matlab isim link
This document outlines how to simulate Verilog modules within MATLAB. It describes using Xilinx ISIM to generate a simulation executable from a module and testbench. A MATLAB function called runverilogmodule allows running the simulation executable and interfacing module inputs/outputs with MATLAB. An example short circuit module is provided to demonstrate the workflow, including a MATLAB wrapper function, Verilog testbench, and module code.
Unit 1
The document discusses several POSIX feature test macros like _POSIX_JOB_CONTROL and _POSIX_SAVED_IDS. It explains that these macros define whether a system supports features like job control and each process saving UID and GID. It also discusses using sysconf(), pathconf() and fpathconf() to check runtime limits and configuration values set by these macros.
TLPI - 6 Process
Each process has a unique process ID and maintains its parent's ID. A process's virtual memory is divided into segments like the stack and heap. When a program runs, its command-line arguments and environment are passed via argc/argv and the environ list. The setjmp() and longjmp() functions allow non-local jumps between functions, but their use should be avoided due to restrictions and compiler optimizations that can affect variable values.
Unix processes
1. A C program starts when the kernel calls a special startup routine which sets up arguments and calls the main function.
2. A process can terminate normally by returning from main, calling exit or _exit, or abnormally by signals or calling abort. exit performs cleanup while _exit returns immediately.
3. The kernel supports processes through a process table, region table, and per-process data structures. A process contains text, data, stack segments and open file descriptors.
Machine Trace Metrics
1. The document describes methods for computing trace metrics like instruction depth, height, and critical path length for basic blocks. It involves analyzing data dependencies between instructions within and across blocks to determine earliest issue cycles while traversing the trace in postorder and inverse postorder.
2. Key steps include finding the best predecessor and successor blocks for each block, computing depth and height values bottom-up and top-down based on dependency latencies, and tracking register liveness across blocks to determine the overall critical path.
How Functions Work
A function is a reusable block of code that can be called from different parts of a program. Functions accept parameters as input and may return a value. When a function is called, its parameters and local variables are stored on the stack. Each function call creates a stack frame that contains its parameters, local variables, and return address. This allows functions to maintain separate variable scopes while sharing the call stack.
Operating Systems - A Primer
The document provides an introduction to operating systems and key concepts such as processes, virtual memory, and multitasking. It discusses how the CPU uses registers to perform computations and access memory. It explains that an operating system allows multiple programs to run simultaneously through time-slicing and context-switching between processes. Each process has its own virtual address space and sees its own "virtual machine" presented by the operating system.
GCC
The document summarizes the passes of the GCC compiler from parsing to code generation. It begins with parsing the source code into an AST, followed by converting the AST to GIMPLE intermediate representation and performing optimizations like constant propagation, copy propagation and dead code elimination on the GIMPLE. Control flow graphs are constructed and optimizations are performed with SSA form. RTL is generated from GIMPLE and undergoes register allocation and instruction selection before assembly code generation. Example dumps of different passes are shown.
How it's made: C++ compilers (GCC)
GCC compilers use several stages to compile C/C++ code into executable programs:
1. The preprocessor handles #include, #define, and other preprocessor directives.
2. The front-end parses the code into an abstract syntax tree (AST) and performs type checking and semantic analysis.
3. The middle-end converts the AST into the GIMPLE intermediate representation and performs optimizations like dead code elimination and constant propagation before generating register transfer language (RTL).
4. The back-end selects target-specific instructions, allocates registers, schedules instructions, and outputs assembly code, which is then linked together with other object files by the linker into a final executable.
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...AMD Developer Central
This document provides an overview of OpenCL libraries for GPU programming. It discusses specialized GPU libraries like clFFT for fast Fourier transforms and Random123 for random number generation. It also covers general GPU libraries like Bolt, OpenCV, and ArrayFire. ArrayFire is highlighted as it provides a flexible array data structure and hundreds of parallel functions across domains like image processing, machine learning, and linear algebra. It supports JIT compilation and data-parallel constructs like GFOR to improve performance.GCC Compiler as a Performance Testing tool for C programs
This paper introduces you to GCC Compiler as a Performance testing tool. GCC Compiler has never been used before as a Performance Testing, but in this paper we’ll be discussing various points on how this can be implemented based on the objective of a Performance testing.
In performance testing, we don’t focus on the bugs in the code that we are testing, but its purpose being of removing the bottlenecks in the codes by taking under consideration parameters like CPU time, memory usage, Speed, Stability, scalability and so on.
To achieve this, we have used the GCC optimization options; different levels of optimization are also discussed as well as a comparative study between manual testing and automatic testing (by using Unix/Linux commands).
GNU Compiler Collection - August 2005
GCC (GNU Compiler Collection) is a fundamental piece of software that allows compilation of C, C++ and other languages. It is crucial to the free and open source software movement. GCC consists of components like cc1 (C compiler), cc1plus (C++ compiler), and others. Developers can use GCC along with a text editor to compile programs from multiple files by using Make. GCC provides debugging tools like GDB and supports compilation on multiple platforms.
Code gpu with cuda - CUDA introduction
CUDA (Compute Unified Device Architecture) is a parallel computing platform that allows developers to leverage GPUs for general purpose processing. CUDA defines a programming model where kernels, which represent tasks for threads, are executed across a grid of thread blocks. Each thread has its own registers and local memory, while threads within a block can cooperate via shared memory. Kernels access global memory across the entire grid and are used to offload work from CPUs to GPUs, with the host code managing data transfers and kernel execution.
GCC compiler
This document provides an overview of the GCC compiler, including its history and development by Richard Stallman as part of the GNU project in 1984. It describes how GCC can be used to compile C and C++ code and supports cross-compiling for different architectures. The document outlines several common GCC options such as -c to compile only, -o to specify an output file name, -g to include debugging information, -Wall to show warnings, and -ansi to ensure standard compliance.
DIRA: Automatic Detection, Identification, and Repair of Controll-Hijacking a...
DIRA is a compile-time solution that provides automatic detection, identification, and repair of control-hijacking attacks. It uses memory updates logging to maintain a runtime log of all changes to a program's memory state. This log is used to detect attacks by checking for changes to control pointers, identify attacks by tracing data back to its source, and repair attacks by restoring memory states from pre-images in the log.
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation. Prepared specially for DC38032. Prepared by Oleh Levytskyi (https://twitter.com/LeOleg97)
More Related Content
What's hot
Instruction Combine in LLVM
Introduction to instruction combine in LLVM, including instcombine optimization pass, DAGCombine, and MachineCombiner.
First session quiz
The document contains a quiz on C programming concepts for embedded systems with 7 questions and their answers. It discusses key topics like:
1) The compiler translates C code to machine code like AVR assembly. Compiling has steps like preprocessing, compilation, assembly, and linking.
2) A native compiler compiles for the current machine, while a cross compiler compiles for another machine.
3) Libraries provide reusable functions through header and implementation files, and can call functions from other libraries.
It also notes that C is well-suited for embedded systems due to direct memory access, portability across compilers, and ability to generate assembly for microcontrollers.
CNIT 127 Ch 2: Stack overflows on Linux
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S18.shtml
Specialized Compiler for Hash Cracking
This document describes john-devkit, an experiment to generate optimized C code for hash cracking algorithms in John the Ripper. It aims to separate algorithms, optimizations, and device-specific code to improve performance and scalability. Early results show speed improvements for some formats over John the Ripper's default implementation. The document discusses optimizations like interleaving, vectorization, and early reject that can be applied to any algorithm without effort. It also describes the intermediate language and optimizations specific to password cracking used by john-devkit to generate optimized output code.
ocelot
The document describes several passes that are performed by PTXOptimizer to optimize PTX code for GPU execution. The passes include subkernel formation, barrier removal, register allocation, and MIMD thread scheduling. The goals of the passes are to reduce kernel loading time, reduce thread waiting at barriers, increase data sharing between threads, and enable more parallel thread execution.
[COSCUP 2021] A trip about how I contribute to LLVM
Douglas Chen presented on his contributions to LLVM. He discussed his motivation with CppNameLint and Clang-Tidy projects. He covered the workflows for Phabricator code reviews, building and testing code, and provided tips for contributors. He shared moments from his experience like design changes, invalid options, and how clang-tidy and tests work. He emphasized reading documentation and discussing with reviewers when facing issues.
Matlab isim link
This document outlines how to simulate Verilog modules within MATLAB. It describes using Xilinx ISIM to generate a simulation executable from a module and testbench. A MATLAB function called runverilogmodule allows running the simulation executable and interfacing module inputs/outputs with MATLAB. An example short circuit module is provided to demonstrate the workflow, including a MATLAB wrapper function, Verilog testbench, and module code.
Unit 1
The document discusses several POSIX feature test macros like _POSIX_JOB_CONTROL and _POSIX_SAVED_IDS. It explains that these macros define whether a system supports features like job control and each process saving UID and GID. It also discusses using sysconf(), pathconf() and fpathconf() to check runtime limits and configuration values set by these macros.
TLPI - 6 Process
Each process has a unique process ID and maintains its parent's ID. A process's virtual memory is divided into segments like the stack and heap. When a program runs, its command-line arguments and environment are passed via argc/argv and the environ list. The setjmp() and longjmp() functions allow non-local jumps between functions, but their use should be avoided due to restrictions and compiler optimizations that can affect variable values.
Unix processes
1. A C program starts when the kernel calls a special startup routine which sets up arguments and calls the main function.
2. A process can terminate normally by returning from main, calling exit or _exit, or abnormally by signals or calling abort. exit performs cleanup while _exit returns immediately.
3. The kernel supports processes through a process table, region table, and per-process data structures. A process contains text, data, stack segments and open file descriptors.
Machine Trace Metrics
1. The document describes methods for computing trace metrics like instruction depth, height, and critical path length for basic blocks. It involves analyzing data dependencies between instructions within and across blocks to determine earliest issue cycles while traversing the trace in postorder and inverse postorder.
2. Key steps include finding the best predecessor and successor blocks for each block, computing depth and height values bottom-up and top-down based on dependency latencies, and tracking register liveness across blocks to determine the overall critical path.
How Functions Work
A function is a reusable block of code that can be called from different parts of a program. Functions accept parameters as input and may return a value. When a function is called, its parameters and local variables are stored on the stack. Each function call creates a stack frame that contains its parameters, local variables, and return address. This allows functions to maintain separate variable scopes while sharing the call stack.
Operating Systems - A Primer
The document provides an introduction to operating systems and key concepts such as processes, virtual memory, and multitasking. It discusses how the CPU uses registers to perform computations and access memory. It explains that an operating system allows multiple programs to run simultaneously through time-slicing and context-switching between processes. Each process has its own virtual address space and sees its own "virtual machine" presented by the operating system.
GCC
The document summarizes the passes of the GCC compiler from parsing to code generation. It begins with parsing the source code into an AST, followed by converting the AST to GIMPLE intermediate representation and performing optimizations like constant propagation, copy propagation and dead code elimination on the GIMPLE. Control flow graphs are constructed and optimizations are performed with SSA form. RTL is generated from GIMPLE and undergoes register allocation and instruction selection before assembly code generation. Example dumps of different passes are shown.
How it's made: C++ compilers (GCC)
GCC compilers use several stages to compile C/C++ code into executable programs:
1. The preprocessor handles #include, #define, and other preprocessor directives.
2. The front-end parses the code into an abstract syntax tree (AST) and performs type checking and semantic analysis.
3. The middle-end converts the AST into the GIMPLE intermediate representation and performs optimizations like dead code elimination and constant propagation before generating register transfer language (RTL).
4. The back-end selects target-specific instructions, allocates registers, schedules instructions, and outputs assembly code, which is then linked together with other object files by the linker into a final executable.
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...AMD Developer Central
This document provides an overview of OpenCL libraries for GPU programming. It discusses specialized GPU libraries like clFFT for fast Fourier transforms and Random123 for random number generation. It also covers general GPU libraries like Bolt, OpenCV, and ArrayFire. ArrayFire is highlighted as it provides a flexible array data structure and hundreds of parallel functions across domains like image processing, machine learning, and linear algebra. It supports JIT compilation and data-parallel constructs like GFOR to improve performance.GCC Compiler as a Performance Testing tool for C programs
This paper introduces you to GCC Compiler as a Performance testing tool. GCC Compiler has never been used before as a Performance Testing, but in this paper we’ll be discussing various points on how this can be implemented based on the objective of a Performance testing.
In performance testing, we don’t focus on the bugs in the code that we are testing, but its purpose being of removing the bottlenecks in the codes by taking under consideration parameters like CPU time, memory usage, Speed, Stability, scalability and so on.
To achieve this, we have used the GCC optimization options; different levels of optimization are also discussed as well as a comparative study between manual testing and automatic testing (by using Unix/Linux commands).
GNU Compiler Collection - August 2005
GCC (GNU Compiler Collection) is a fundamental piece of software that allows compilation of C, C++ and other languages. It is crucial to the free and open source software movement. GCC consists of components like cc1 (C compiler), cc1plus (C++ compiler), and others. Developers can use GCC along with a text editor to compile programs from multiple files by using Make. GCC provides debugging tools like GDB and supports compilation on multiple platforms.
Code gpu with cuda - CUDA introduction
CUDA (Compute Unified Device Architecture) is a parallel computing platform that allows developers to leverage GPUs for general purpose processing. CUDA defines a programming model where kernels, which represent tasks for threads, are executed across a grid of thread blocks. Each thread has its own registers and local memory, while threads within a block can cooperate via shared memory. Kernels access global memory across the entire grid and are used to offload work from CPUs to GPUs, with the host code managing data transfers and kernel execution.
GCC compiler
This document provides an overview of the GCC compiler, including its history and development by Richard Stallman as part of the GNU project in 1984. It describes how GCC can be used to compile C and C++ code and supports cross-compiling for different architectures. The document outlines several common GCC options such as -c to compile only, -o to specify an output file name, -g to include debugging information, -Wall to show warnings, and -ansi to ensure standard compliance.
What's hot (20)
[COSCUP 2021] A trip about how I contribute to LLVM
[COSCUP 2021] A trip about how I contribute to LLVM
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
GCC Compiler as a Performance Testing tool for C programs
GCC Compiler as a Performance Testing tool for C programs
Similar to FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks
DIRA: Automatic Detection, Identification, and Repair of Controll-Hijacking a...
DIRA is a compile-time solution that provides automatic detection, identification, and repair of control-hijacking attacks. It uses memory updates logging to maintain a runtime log of all changes to a program's memory state. This log is used to detect attacks by checking for changes to control pointers, identify attacks by tracing data back to its source, and repair attacks by restoring memory states from pre-images in the log.
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation. Prepared specially for DC38032. Prepared by Oleh Levytskyi (https://twitter.com/LeOleg97)
Ngrep commands
ngrep is a network packet sniffer that allows filtering and matching regular expressions against TCP/IP and other protocols at the data link layer. It can be used to debug plaintext protocols, analyze anomalous network activity, and for security/hacking purposes. The document provides examples of ngrep commands and output, demonstrating how it can be used to inspect HTTP headers, filter traffic, and view output in both ASCII and hexadecimal formats.
Unix And Shell Scripting
The document provides an overview of Unix and shell scripting. It discusses the history and architecture of Unix operating systems. It then covers various Unix commands and utilities for file management, processes, communication, and system administration. Finally, it describes the basics of shell scripting including variables, conditional statements, loops, and here documents.
MPI
MPI is a language-independent communications protocol used to program parallel computers. It allows processes to communicate and synchronize through point-to-point and collective communication primitives. The document discusses how to install MPI on Linux clusters, describes common MPI functions for communication (e.g. MPI_Send, MPI_Recv) and collective operations (e.g. MPI_Bcast, MPI_Reduce). It also provides an example MPI program to demonstrate basic point-to-point communication between two processes.
Tutorial of SF-TAP Flow Abstractor
This is a tutorial for implementing application level traffic analyzer by using SF-TAP flow abstractor.
http://sf-tap.github.io/
https://github.com/SF-TAP/
https://github.com/SF-TAP/flow-abstractor
https://www.usenix.org/conference/lisa15/conference-program/presentation/takano
http://ytakano.github.io/
Hunting for APT in network logs workshop presentation
Nonamecon 2021 presentation.
Network logs are one of the most efficient sources to hunt adversaries, but building good analytics capabilities require a deep understanding of benign activity and attacker behavior. This training focuses on detecting real-case attacks, tools and scenarios by the past year.
The training is highly interactive and retains a good balance between theory and a lot of hands-on exercises for the students to get used to the detection engineering methodology and prepare them to start implementing this at their organizations.
Presentation topics:
- Netflow Mitre Matrix view
- Full packet captures vs Netflow
- Zeek
- Zeek packages
- RDP initial comprometation
- Empire Powershell and CobaltStrike or what to expect after initial loader execution.
- Empire powershell initial connection
- Beaconing. RITA
- Scanning detection
- Internal enumeration detection
- Lateral movement techniques widely used
- Kerberos attacks
- PSExec and fileless ways of delivering payloads in the network
- Zerologon detection
- Data exfiltration
- Data exfiltration over C2 channel
- Data exfiltration using time size limits (data chunks)
- DNS exfiltration
- Detecting ransomware in your network
- Real incident investigation
Authors:
Oleh Levytskyi (https://twitter.com/LeOleg97)
Bogdan Vennyk (https://twitter.com/bogdanvennyk)
Linux 系統程式--第一章 i/o 函式
The document discusses Linux low-level I/O routines including system calls for file manipulation such as open(), read(), write(), close(), and ioctl(). It describes how files are represented in UNIX as sequences of bytes and different file types. It also covers the standard C I/O library functions, file descriptors, blocking vs non-blocking I/O, and other system calls related to file I/O like ftruncate(), lseek(), dup2(), and fstat(). Examples of code using these system calls are provided.
What`s new in Java 7
New features in:
1. Java programming language
2. Java I/O
3. Concurrency
4. Swing
5. Networking
6. Security
7. Collections
8. RIA
9. Java 2D
10. JDBC 4.1
11. JVM
12. java.lang package
13. Java XML
14. I18N
Operating system concepts
An operating system acts as an intermediary between the user and computer hardware, managing resources and allowing programs to perform tasks. It provides functions like process management, memory management, storage management, and protection via system calls and APIs. A program makes system calls to perform tasks like opening and reading from files, while APIs provide portability across operating systems. System calls interface directly with the kernel to manage hardware, while APIs call system calls through library functions.
Creating Great REST and gRPC API Experiences (in Swift)
Protocol Buffers are a language-neutral, platform-neutral mechanism for serializing structured data. They can be used to define interfaces for APIs and exchange data between systems. Protocol Buffers include a data definition language to define message types, a serialization format to encode structured data in a compact binary form, and code generation plugins to generate data access code in multiple languages. Protocol Buffers provide a flexible and efficient method for serializing structured data for storage or network transmission.
Buffer overflow
Buffer overflows occur when a program writes more data to a buffer than it is configured to hold. This can overwrite adjacent memory and compromise the program. Common types of buffer overflows include stack overflows, heap overflows, and format string vulnerabilities. Buffer overflows have been exploited by major computer worms to spread, including the Morris worm in 1988 and the SQL Slammer worm in 2003. Techniques like canaries can help detect buffer overflows by placing check values between buffers and control data. Programming best practices like bounds checking and safe string functions can prevent buffer overflows.
1-Information sharing 2-Computation speedup3-Modularity4-.docx
1-Information sharing
2-Computation speedup
3-Modularity
4-Convenience
5-allows exchanged data and informations
Two IPC Models
1. Shared memory- is an OS provided abstraction which allows a memory region to be simultaneously accessed by multiple programs with an intent to provide communication among them. One process will create an area in RAM which other processes can accessed
2. Message passing - is a form of communication used in interprocess communication. Communication is made by the sending of messages to recipients. Each process should be able to name the other processes. The producer typically uses send() system call to send messages, and the consumer uses receive()system call to receive messages
Shared memory
Faster than message passing
After establishing shared memory, treated as routine memory accesses
Message passing
Useful for exchanging smaller amounts of data
Easy to implement, but more time-consuming task of kernel intervention
Bounded-Buffer Problem Producer Process
do {
...
produce an item in nextp
...
wait(empty);
wait(mutex);
...
add nextp to buffer
...
signal(mutex);
signal(full);
} while (true);
Bounded-Buffer Problem Consumer Process
do {
wait(full);
wait(mutex);
...
remove an item from buffer to nextc
...
signal(mutex);
signal(empty);
...
consume the item in nextc
...
} while (true);
client-server model, the client sends out requests to the server, and the server does some processing with the request(s) received, and returns a reply (or replies)to the client.
Since Socket can be described as end-points for communication. we could imagine the client and server hosts being connected by a pipe through which data-flow takes place.
1-sockets use a client-server while Server waits for incoming client requests by listening to a specified port.
2-After receiving a request, the server accepts a connection from the client socket to complete the connection
3-then Remote procedure call (RPC) abstracts procedure call mechanism for use between systems with network connections
4-and pipes acts as a conduit allowing two processes to communicate
A process is different than a program
- Program is static code and static data
- Process is Dynamic instance of code and data
-Program becomes process when executable file loaded into memory
No one-to-one mapping between programs and processes
-can have multiple processes of the same program
-one program can invoke multiple process
Execution of program started via GUI mouse clicks and command line entry of its name
The process state transition
As a process executes, The process is being created, then The process is waiting to be assigned to a processor therefore, Instructions are being executed then The process is waiting for some event to occur,thereafter The process has finished exec ...
C library for input output operations.cstdio.(stdio.h)
The cstdio library provides functions for input/output operations in C and C++ programs. It uses streams as an abstraction to interact uniformly with physical devices like keyboards, printers, and files. Streams have properties like access type, buffering, and indicators for errors and end of file. Common functions include fopen to open files, fgetc to read characters, fputs to write strings, and fclose to close files. Standard streams stdin, stdout, and stderr are predefined for input, output, and errors respectively.
Dc 12 Chiueh
The document introduces Program Semantics-Aware Intrusion Detection (PAID), a host-based intrusion prevention system that uses compiler techniques to automatically generate an accurate system call policy for applications. It extracts system call sites, ordering, and arguments from source code to build a finite state automaton for checks. PAID can prevent control hijacking attacks and mimicry attacks by checking system call ordering, sites of entry, and return addresses on the stack. It incurs low performance overhead of around 5% for most applications.
Dive into exploit development
The document provides an introduction to exploit development. It discusses preparing a virtual lab with tools like Immunity Debugger, Mona.py, pvefindaddr.py and Metasploit. It covers basic buffer overflow exploitation techniques like overwriting EIP and using RETURN oriented programming. The document demonstrates a basic stack-based buffer overflow exploit against the FreeFloat FTP server as a tutorial, covering steps like generating a cyclic pattern, finding the offset and using mona to find a JMP ESP instruction to redirect execution. It also discusses using msfpayload to generate Windows bind shellcode and msfencode to escape bad characters before testing the proof of concept exploit.
Backtrack Manual Part6
The document discusses various tools and interfaces available in the Metasploit framework. It describes the purpose of tools like msfconsole, msfcli, msfrpcd, msfd, msfencode and msfpayload which can be used for tasks like exploitation, payload generation, encoding and interacting with the framework remotely. It also provides usage examples and basic syntax for many of these tools.
project_docs
The document describes an automated tool called ipsnapshoter that detects misconfigured HTTP services. It scans IP addresses and ports, uses Nmap to find available hosts, takes screenshots of server responses using EyeWitness, and publishes results in an HTML report. The tool is designed to help security testers identify vulnerabilities by visually exploring misconfigurations before malicious actors. It is written in Python and uses libraries like Nmap, EyeWitness, and a simple HTTP server to efficiently scan thousands of addresses and generate consolidated reports.
Unit5 C
The document discusses various C programming concepts like typedef, bitfields, enumeration, file I/O, text files vs binary files. typedef allows defining a new name for an already defined datatype. Bitfields allow packing structure members efficiently using bits. Enumeration defines a set of named integer constants. File I/O functions like fopen, fclose, fread, fwrite are used to read and write data to files. Text files contain human readable characters while binary files store data as bytes.
Reverse shell
A shell is a user interface for accessing an operating system's services, either through a command-line interface or graphical user interface. A bind shell opens a listener port on the target machine and waits for an incoming connection from the attacker. A reverse shell is when the target machine connects back to the attacking machine. Netcat and PowerShell can be used to create bind and reverse shells for command execution on remote systems. Examples show how netcat can be used to establish each type of shell connection between an attacker and victim machine.
Similar to FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks (20)
DIRA: Automatic Detection, Identification, and Repair of Controll-Hijacking a...
DIRA: Automatic Detection, Identification, and Repair of Controll-Hijacking a...
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentation
Creating Great REST and gRPC API Experiences (in Swift)
Creating Great REST and gRPC API Experiences (in Swift)
1-Information sharing 2-Computation speedup3-Modularity4-.docx
1-Information sharing 2-Computation speedup3-Modularity4-.docx
C library for input output operations.cstdio.(stdio.h)
C library for input output operations.cstdio.(stdio.h)
Recently uploaded
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Recently uploaded (20)
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy