This document provides an overview of GRAPE, a generative fuzzer developed by Fourteenforty Research Institute. GRAPE can fuzz packets, files, and higher-level interactions. It handles stateful protocols by incorporating responses into future test cases. Fuzzing scenarios in GRAPE are defined using rules written in a YAML-like syntax. Rules specify how to generate malformed inputs. GRAPE monitors for crashes and unexpected behavior during fuzzing tests. The document includes examples of how GRAPE rules define packet structures and handle responses.
This document provides an overview of how to find vulnerabilities in software. It discusses different types of vulnerabilities, why vulnerabilities must be found, and techniques for finding vulnerabilities like superficial analysis, internal analysis, and fuzzing. The document also provides examples of how vulnerabilities have been found through source code auditing, including a case study of a buffer overflow vulnerability discovered in the VLC media player through analyzing its MMS streaming code.
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
The document discusses PHP streams. It defines a stream as a resource that exhibits a flow or succession of data. A wrapper tells a stream how to handle specific protocols and encodings. A context is a set of parameters and options that tell a stream or filter how to behave. Common built-in PHP streams include file, http, and ftp streams. Filters perform operations on stream data and can be used to modify stream contents.
Buffer overflows occur when more data is written to a buffer than it was designed to hold, corrupting the call stack. This can allow arbitrary code execution or modification of return addresses. Developers should use safe string functions, validate user input, grant least privileges, and use compiler tools to help prevent buffer overflows. Reporting vulnerabilities and keeping up to date on security bulletins is also important.
Buffer overflows occur when a program allows user input that exceeds the maximum buffer size, overflowing into adjacent memory and potentially altering the program flow. This is a common security issue that has been exploited in many worms. Proper bounds checking on all buffers and techniques like StackGuard and static analysis can help prevent buffer overflows. Other memory corruption issues also exist, such as format string vulnerabilities and integer overflows.
Buffer overflows occur when a program writes more data to a buffer than it is configured to hold. This can overwrite adjacent memory and compromise the program. Common types of buffer overflows include stack overflows, heap overflows, and format string vulnerabilities. Buffer overflows have been exploited by major computer worms to spread, including the Morris worm in 1988 and the SQL Slammer worm in 2003. Techniques like canaries can help detect buffer overflows by placing check values between buffers and control data. Programming best practices like bounds checking and safe string functions can prevent buffer overflows.
The document provides an introduction to Python programming. It discusses installing and running Python, basic Python syntax like variables, data types, conditionals, and functions. It emphasizes that Python uses references rather than copying values, so assigning one variable to another causes both to refer to the same object.
This document discusses buffer overflow attacks. It begins with an introduction that defines a buffer overflow and examples like the Morris worm. It then explains how buffer overflows work by corrupting the stack and overwriting return addresses. Methods for implementing buffer overflows using Metasploit and injecting shellcode are provided. Countermeasures like stack canaries and bounds checking are described. The document concludes that while defenses have improved, legacy systems remain vulnerable and buffer overflows remain a problem.
This document provides an overview of how to find vulnerabilities in software. It discusses different types of vulnerabilities, why vulnerabilities must be found, and techniques for finding vulnerabilities like superficial analysis, internal analysis, and fuzzing. The document also provides examples of how vulnerabilities have been found through source code auditing, including a case study of a buffer overflow vulnerability discovered in the VLC media player through analyzing its MMS streaming code.
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
The document discusses PHP streams. It defines a stream as a resource that exhibits a flow or succession of data. A wrapper tells a stream how to handle specific protocols and encodings. A context is a set of parameters and options that tell a stream or filter how to behave. Common built-in PHP streams include file, http, and ftp streams. Filters perform operations on stream data and can be used to modify stream contents.
Buffer overflows occur when more data is written to a buffer than it was designed to hold, corrupting the call stack. This can allow arbitrary code execution or modification of return addresses. Developers should use safe string functions, validate user input, grant least privileges, and use compiler tools to help prevent buffer overflows. Reporting vulnerabilities and keeping up to date on security bulletins is also important.
Buffer overflows occur when a program allows user input that exceeds the maximum buffer size, overflowing into adjacent memory and potentially altering the program flow. This is a common security issue that has been exploited in many worms. Proper bounds checking on all buffers and techniques like StackGuard and static analysis can help prevent buffer overflows. Other memory corruption issues also exist, such as format string vulnerabilities and integer overflows.
Buffer overflows occur when a program writes more data to a buffer than it is configured to hold. This can overwrite adjacent memory and compromise the program. Common types of buffer overflows include stack overflows, heap overflows, and format string vulnerabilities. Buffer overflows have been exploited by major computer worms to spread, including the Morris worm in 1988 and the SQL Slammer worm in 2003. Techniques like canaries can help detect buffer overflows by placing check values between buffers and control data. Programming best practices like bounds checking and safe string functions can prevent buffer overflows.
The document provides an introduction to Python programming. It discusses installing and running Python, basic Python syntax like variables, data types, conditionals, and functions. It emphasizes that Python uses references rather than copying values, so assigning one variable to another causes both to refer to the same object.
This document discusses buffer overflow attacks. It begins with an introduction that defines a buffer overflow and examples like the Morris worm. It then explains how buffer overflows work by corrupting the stack and overwriting return addresses. Methods for implementing buffer overflows using Metasploit and injecting shellcode are provided. Countermeasures like stack canaries and bounds checking are described. The document concludes that while defenses have improved, legacy systems remain vulnerable and buffer overflows remain a problem.
Python is an interpreted, object-oriented programming language created by Guido van Rossum in 1990. It has a clear, readable syntax and is designed to be highly extensible. Python code is often much shorter than equivalent code in other languages like C++ or Java due to features like indentation-based blocks and dynamic typing. It is used for web development, scientific computing, and more.
Python Foundation – A programmer's introduction to Python concepts & styleKevlin Henney
This document provides an overview of a Python Foundation course that introduces Python concepts and programming style. The course covers Python history and culture, multi-paradigm programming in Python including procedural, modular, scripting, object-oriented and functional styles. It also covers Python syntax, logic and flow control, built-in data types, classes and objects. The course includes coding experiments, programming labs and homework assignments.
This document discusses text mining techniques in R, including importing text, working with strings, regular expressions, for loops, and preprocessing text. It provides examples of functions like readLines(), grep(), gsub(), strsplit(), and for loops. It also covers topics like tokenization, stemming, stopword removal, and bag-of-words representations for text analysis.
Introduction to Python Pandas for Data AnalyticsPhoenix
Pandas is an open-source, BSD-licensed Python library providing high-performance, easy-to-use data structures and data analysis tools for the Python programming language. Python with Pandas is used in a wide range of fields including academic and commercial domains including finance, economics, Statistics, analytics, medical...
“What should I work on next?” Code metrics can help you answer that question. They can single out sections of your code that are likely to contain bugs. They can help you get a toehold on a legacy system that’s poorly covered by tests.
A for loop is probably the most common type of loop in Python. A for loop will select items from any iterable. In Python an iterable is any container (list, tuple, set, dictionary), as well as many other important objects such as generator function, generator expressions, the results of builtin functions such as filter, map, range and many other items.
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataAnne Nicolas
GNU poke is a new interactive editor for binary data. Not limited to editing basic ntities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or “pickles” in poke parlance) for many binary formats.
GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files.
This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing “pickles”. The presentation ends with a status of the project, a call for hackers, and a hint at future works.
Jose E. Marchesi
An overview of functional programming in Python, introduction to exceptions.
(C) Sumitava Mukherjee
[smukh@cognobytes.com/ smukh@cbcs.ac.in
URL: http://people.cognobytes.com/smukh]
At a previous JRubyConf, we talked about Thnad, a fictional programming language. Thnad served as a vehicle to explore the joy of building a compiler using JRuby, BiteScript, Parslet, and other tools. Now, Thnad is back with a second runtime: Rubinius. Come see the Rubinius environment through JRuby eyes. Together, we'll see how to grapple with multiple instruction sets and juggle contexts without going cross-eyed.
This document provides examples and explanations of rules options and techniques used in Snort intrusion detection rules. It begins with an introduction and overview of the topics to be covered. It then provides examples of rules that detect buffer overflows, protocol decoding, and the Kaminsky DNS cache poisoning bug. For each rule example, it breaks down the rule components and explains what each option is doing. It also provides additional explanations and examples for specific rule options like content, isdataat, byte_test, byte_jump, and PCRE. The document aims to explain both common and non-obvious uses of rule options through examples of real Snort rules.
The document provides hints and solutions for various levels of a CTF (capture the flag) competition. It includes 7 sections with 5 levels each related to topics like trivia, cryptography, programming, web exploitation, reverse engineering, log analysis, and forensics. For each level, it describes the challenge, any provided hints, analysis of clues, and the final flag solution. The author encourages readers to try solving the challenges independently before reviewing the writeup.
The document discusses Python interview questions and answers related to Python fundamentals like data types, variables, functions, objects and classes. Some key points include:
- Python is an interpreted, interactive and object-oriented programming language. It uses indentation to identify code blocks rather than brackets.
- Python supports dynamic typing where the type is determined at runtime. It is strongly typed meaning operations inappropriate for a type will fail with an exception.
- Common data types include lists (mutable), tuples (immutable), dictionaries, strings and numbers.
- Functions use def, parameters are passed by reference, and variables can be local or global scope.
- Classes use inheritance, polymorphism and encapsulation to create
The PyConTW (http://tw.pycon.org) organizer wishes to improve the quality and quantity of the programming cummunities in Taiwan. Though Python is their core tool and methodology, they know it's worth to learn and communicate with wide-ranging communities. Understanding cultures and ecosystem of a language takes me about three to six months. This six-hour course wraps up what I - an experienced Java developer - have learned from Python ecosystem and the agenda of the past PyConTW.
你可以在以下鏈結找到中文內容:
http://www.codedata.com.tw/python/python-tutorial-the-1st-class-1-preface
The speaker discussed the benefits of type hints in Python. Type hints allow specifying the expected types of function parameters and return values, improving code readability, enabling code completion in editors, and allowing static type checking tools to analyze the code for type errors. The speaker demonstrated how to write type hints according to PEP 484 and PEP 526 standards and how to retrieve type information. Tools like Mypy were presented for doing static type analysis to catch errors. Using type hints and type checkers in continuous integration was recommended to catch errors early when collaborating on projects. The speaker concluded by explaining how using type hints made it easier for their team to port code from Python 2 to Python 3.
JRuby, Not Just For Hard-Headed Pragmatists AnymoreErin Dees
JRuby bills itself as the pragmatic Ruby, the go-to implementation when you need to fit into the Java universe or support a ton of platforms.
Who knew it was also a tool for having fun exploring the realms of computer science?
This document discusses automatically detecting package clones and inferring security vulnerabilities. It proposes using statistical classification techniques to identify cloned code between software packages. Features like common filenames, hashes, and fuzzy content would be used for classification. Packages found to share code could then be checked against known vulnerabilities to see if any vulnerabilities may affect the cloned code. The approach aims to scale the analysis to thousands of packages and help identify vulnerabilities in packages with cloned code that may not otherwise be tracked.
This document summarizes a talk given by Ian Dees on writing your own JVM compiler. The talk discusses three main reasons why someone may want to write their own compiler: a hardware background, a computer science background, or following a self-made path of learning computer science topics. It then previews the fictional Thnad programming language that will be used to demonstrate creating a compiler. The talk outlines the main stages of creating a compiler: parsing, transforming, and emitting bytecode. Various Ruby tools like Parslet and BiteScript that will be used are also introduced.
Python is an interpreted, object-oriented programming language created by Guido van Rossum in 1990. It has a clear, readable syntax and is designed to be highly extensible. Python code is often much shorter than equivalent code in other languages like C++ or Java due to features like indentation-based blocks and dynamic typing. It is used for web development, scientific computing, and more.
Python Foundation – A programmer's introduction to Python concepts & styleKevlin Henney
This document provides an overview of a Python Foundation course that introduces Python concepts and programming style. The course covers Python history and culture, multi-paradigm programming in Python including procedural, modular, scripting, object-oriented and functional styles. It also covers Python syntax, logic and flow control, built-in data types, classes and objects. The course includes coding experiments, programming labs and homework assignments.
This document discusses text mining techniques in R, including importing text, working with strings, regular expressions, for loops, and preprocessing text. It provides examples of functions like readLines(), grep(), gsub(), strsplit(), and for loops. It also covers topics like tokenization, stemming, stopword removal, and bag-of-words representations for text analysis.
Introduction to Python Pandas for Data AnalyticsPhoenix
Pandas is an open-source, BSD-licensed Python library providing high-performance, easy-to-use data structures and data analysis tools for the Python programming language. Python with Pandas is used in a wide range of fields including academic and commercial domains including finance, economics, Statistics, analytics, medical...
“What should I work on next?” Code metrics can help you answer that question. They can single out sections of your code that are likely to contain bugs. They can help you get a toehold on a legacy system that’s poorly covered by tests.
A for loop is probably the most common type of loop in Python. A for loop will select items from any iterable. In Python an iterable is any container (list, tuple, set, dictionary), as well as many other important objects such as generator function, generator expressions, the results of builtin functions such as filter, map, range and many other items.
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataAnne Nicolas
GNU poke is a new interactive editor for binary data. Not limited to editing basic ntities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or “pickles” in poke parlance) for many binary formats.
GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files.
This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing “pickles”. The presentation ends with a status of the project, a call for hackers, and a hint at future works.
Jose E. Marchesi
An overview of functional programming in Python, introduction to exceptions.
(C) Sumitava Mukherjee
[smukh@cognobytes.com/ smukh@cbcs.ac.in
URL: http://people.cognobytes.com/smukh]
At a previous JRubyConf, we talked about Thnad, a fictional programming language. Thnad served as a vehicle to explore the joy of building a compiler using JRuby, BiteScript, Parslet, and other tools. Now, Thnad is back with a second runtime: Rubinius. Come see the Rubinius environment through JRuby eyes. Together, we'll see how to grapple with multiple instruction sets and juggle contexts without going cross-eyed.
This document provides examples and explanations of rules options and techniques used in Snort intrusion detection rules. It begins with an introduction and overview of the topics to be covered. It then provides examples of rules that detect buffer overflows, protocol decoding, and the Kaminsky DNS cache poisoning bug. For each rule example, it breaks down the rule components and explains what each option is doing. It also provides additional explanations and examples for specific rule options like content, isdataat, byte_test, byte_jump, and PCRE. The document aims to explain both common and non-obvious uses of rule options through examples of real Snort rules.
The document provides hints and solutions for various levels of a CTF (capture the flag) competition. It includes 7 sections with 5 levels each related to topics like trivia, cryptography, programming, web exploitation, reverse engineering, log analysis, and forensics. For each level, it describes the challenge, any provided hints, analysis of clues, and the final flag solution. The author encourages readers to try solving the challenges independently before reviewing the writeup.
The document discusses Python interview questions and answers related to Python fundamentals like data types, variables, functions, objects and classes. Some key points include:
- Python is an interpreted, interactive and object-oriented programming language. It uses indentation to identify code blocks rather than brackets.
- Python supports dynamic typing where the type is determined at runtime. It is strongly typed meaning operations inappropriate for a type will fail with an exception.
- Common data types include lists (mutable), tuples (immutable), dictionaries, strings and numbers.
- Functions use def, parameters are passed by reference, and variables can be local or global scope.
- Classes use inheritance, polymorphism and encapsulation to create
The PyConTW (http://tw.pycon.org) organizer wishes to improve the quality and quantity of the programming cummunities in Taiwan. Though Python is their core tool and methodology, they know it's worth to learn and communicate with wide-ranging communities. Understanding cultures and ecosystem of a language takes me about three to six months. This six-hour course wraps up what I - an experienced Java developer - have learned from Python ecosystem and the agenda of the past PyConTW.
你可以在以下鏈結找到中文內容:
http://www.codedata.com.tw/python/python-tutorial-the-1st-class-1-preface
The speaker discussed the benefits of type hints in Python. Type hints allow specifying the expected types of function parameters and return values, improving code readability, enabling code completion in editors, and allowing static type checking tools to analyze the code for type errors. The speaker demonstrated how to write type hints according to PEP 484 and PEP 526 standards and how to retrieve type information. Tools like Mypy were presented for doing static type analysis to catch errors. Using type hints and type checkers in continuous integration was recommended to catch errors early when collaborating on projects. The speaker concluded by explaining how using type hints made it easier for their team to port code from Python 2 to Python 3.
JRuby, Not Just For Hard-Headed Pragmatists AnymoreErin Dees
JRuby bills itself as the pragmatic Ruby, the go-to implementation when you need to fit into the Java universe or support a ton of platforms.
Who knew it was also a tool for having fun exploring the realms of computer science?
This document discusses automatically detecting package clones and inferring security vulnerabilities. It proposes using statistical classification techniques to identify cloned code between software packages. Features like common filenames, hashes, and fuzzy content would be used for classification. Packages found to share code could then be checked against known vulnerabilities to see if any vulnerabilities may affect the cloned code. The approach aims to scale the analysis to thousands of packages and help identify vulnerabilities in packages with cloned code that may not otherwise be tracked.
This document summarizes a talk given by Ian Dees on writing your own JVM compiler. The talk discusses three main reasons why someone may want to write their own compiler: a hardware background, a computer science background, or following a self-made path of learning computer science topics. It then previews the fictional Thnad programming language that will be used to demonstrate creating a compiler. The talk outlines the main stages of creating a compiler: parsing, transforming, and emitting bytecode. Various Ruby tools like Parslet and BiteScript that will be used are also introduced.
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)FFRI, Inc.
• About Black Hat USA
• Hot Research
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
– Advanced CAN Injection Techniques For Vehicle Networks
– Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
– GATTAttacking Bluetooth Smart Devices
– Introducing A New BLE Proxy Tool
– GreatFET: Making GoodFET Great Again
• Conclusions
• References
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
• About threat analysis support tool
• Examples of tools
• Analysis target system
• Analysis result
– How to read result
– Overview of threats
• Effective usage
– About template
– Additional definition of threat information
• Conclusions
• References
The document provides biographies and background information on two cyber threat hunters, Teymur Kheirkhabarov and Sergey Soldatov. It then discusses the process of cyber threat hunting, including collecting log and system event data from endpoints, analyzing that data using tools like Yara and Cuckoo Sandbox, and manually investigating anomalies through iterative hypothesis testing to detect advanced threats. Examples are given of how threat hunters traced back the steps of an attacker who compromised a system by injecting code into the LSASS process and establishing persistence via a scheduled task. The document emphasizes that threat hunting requires both machine analysis of large datasets as well as human reasoning to uncover sophisticated threats that evade other security solutions.
This document summarizes integrating the OpenNMS network monitoring platform with modern configuration management tools like Puppet. It discusses using Puppet to provision and automatically configure nodes in OpenNMS from Puppet's configuration data. The authors provide code for pulling node data from Puppet's REST API and generating an XML file for OpenNMS to import the nodes and their configuration. They also discuss opportunities to further improve the integration by developing a Java object model for Puppet's YAML output and filtering imports based on node attributes.
This document provides an introduction to Java programming. It discusses what computer science and programming are, and introduces basic Java concepts like classes, methods, and print statements. It also covers data types, variables, operators, and control structures that allow programmers to write algorithms and programs. The document uses examples like simple print programs and a cookie baking algorithm to demonstrate core Java programming concepts.
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program to detect bugs. Coverage-guided fuzzing uses genetic algorithms to generate inputs that maximize code coverage. It is effective at finding security bugs like overflows, memory errors, and crashes. The presenter demonstrates finding 13 bugs in Boost regex in 30 minutes using libFuzzer. Fuzzing is widely used at Google to test critical software like browsers, libraries, and the Linux kernel due to its ability to find many bugs without requiring test cases.
Writing and using php streams and sockets tek11Elizabeth Smith
Streams provide a generic way to access input and output in PHP and were originally introduced in the 1950s as a standard way to handle input/output. PHP implements streams using wrappers that tell streams how to handle specific protocols and encodings, and filters that can transform stream data. Common stream wrappers in PHP include file, http, ftp, and php streams for interacting with system inputs and outputs.
BioMake is a language for specifying build networks of interdependent computational tasks. It allows defining targets with logical patterns that represent tasks. Targets have dependencies on other targets and are built by running actions. This allows automating sequencing analysis pipelines by specifying the execution of tasks like formatting databases and running BLAST alignments in a declarative way.
1. The Fletcher Framework provides a standardized way to integrate FPGAs into heterogeneous computing systems using the Apache Arrow in-memory data format.
2. Arrow avoids serialization overhead by using a standardized columnar format that allows for efficient data movement and hardware interfacing.
3. Fletcher generates hardware interfaces from Arrow schemas and provides runtime interfaces for languages like C++ and Python to accelerate algorithms on FPGAs using the Arrow data format.
This document discusses Automatic Test Packet Generation (ATPG), which automatically generates test packets to check the health and functionality of a network. It aims to detect common network failures like hardware failures, software bugs, reachability issues, and performance degradation. The ATPG system works by performing reachability analysis to determine all possible packet flows, generating a minimum set of test packets to exercise the entire rule set, and using the results to localize any faults by eliminating passing rules and identifying broken ones. Implementing ATPG could provide more efficient network testing than current tools like ping and traceroute, helping reduce downtime and costs associated with network outages.
This document provides an introduction to Java programming concepts such as data types, variables, operators, input/output, control flow, methods, and classes. It explains what computer science and programming are, gives examples of basic Java programs using print statements, and discusses programming fundamentals like program structure, naming conventions, comments, and static methods. Methods are introduced as a way to organize code and eliminate redundancy. Overall, the document orients the reader to fundamental Java programming concepts.
The document discusses practical incident response in heterogeneous environments and overcoming limitations of traditional approaches. It proposes utilizing intelligence-driven investigation and actionable IOCs to more flexibly shape the triage process across different operating systems. Examples are provided of using software fingerprinting and debugging symbols to attribute malware and build structured knowledge bases of attackers.
This is part 1 of fuzzing, an introduction to the subject. This presentation covers some of theory and thought process behind the subject, as well as an introduction to environment variable fuzzing and file format fuzzing.
Regex Considered Harmful: Use Rosie Pattern Language InsteadAll Things Open
The document discusses using the Rosie Pattern Language (RPL) instead of regular expressions for parsing log and data files. RPL aims to address issues with regex like readability, maintainability, and performance. It describes how RPL is designed like a programming language with common patterns. RPL patterns are loaded into the Rosie Pattern Engine which can parse files and annotate text with semantic tags.
A Java Implementer's Guide to Better Apache Spark PerformanceTim Ellison
This document discusses techniques for improving the performance of Apache Spark applications. It describes optimizing the Java virtual machine by enhancing the just-in-time compiler, improving the object serializer, enabling faster I/O using technologies like RDMA networking and CAPI flash storage, and offloading tasks to graphics processors. The document provides examples of code style guidelines and specific Spark optimizations that further improve performance, such as leveraging hardware accelerators and tuning JVM heuristics.
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
This document provides an overview of advanced socket programming concepts including socket options, POSIX name and address conversion functions like getaddrinfo() and getnameinfo(), out-of-band data, and signal driven I/O. It describes common socket options, their uses, and functions for getting and setting option values. It also summarizes POSIX replacement functions for hostname lookups and discusses how out-of-band data can be used to send high priority messages and when SIGIO signals may be generated.
The document discusses process management in operating systems. It covers process concepts like process states, process control blocks (PCBs), and process scheduling. It also covers operations on processes like creation using fork() and exec(), and inter-process communication mechanisms like pipes, shared memory, message queues, semaphores, signals, and FIFOs. Key process management functions like fork(), exec(), wait(), signal(), and alarm() are explained.
This document provides information about cipher-based encryption in Java, including:
- It describes common cipher categories like block ciphers and stream ciphers, and symmetric vs asymmetric key algorithms.
- It explains the Cipher class in Java and algorithms supported like DES, Triple DES, and Blowfish. It also covers cipher modes like ECB, CBC, CFB and padding schemes.
- It provides details on how to use the Cipher class to initialize ciphers, encrypt/decrypt data by feeding it in blocks, and obtaining results. It includes a sample code example.
- It discusses special considerations for initializing password-based ciphers that require a salt and iteration count.
This document provides an overview of StormCrawler, an open source distributed crawler built on Apache Storm. It discusses key components like the FetcherBolt for fetching URLs, ParserBolt for parsing content and extracting metadata, and StatusUpdaterBolt for tracking crawl status. It also covers common configurations like URL partitioning, politeness policies, and filters. The document recommends using ConfigurableTopology or the archetype to simplify development, and describes how StormCrawler is used in production crawls involving news, images, and archiving to WARC files.
This document contains an agenda and summaries of sections from a presentation on messaging architectures and using messaging data with Splunk. The agenda includes an overview of common messaging systems like JMS, AMQP, and Kafka. It also covers customizing message handling and scaling modular inputs. Additionally, it discusses using ZeroMQ to access messages and using underutilized computers with JMS tasks.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
Table of Contents
• About TrustZone
– Use case of TrustZone
– Cortex-A TrustZone
– Cortex-M TrustZone
– TEE implementation
• Vulnerability of TEE implementation
• Conclusions
• References
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
Table of Contents
• Background • Use case and Weave
• Android Things Security Considerations
• Android Things Version Information
• File system information • Firewall setting
• ADB port setting
• SELinux setting
• Conclusions
• Reference
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
• Security incidents related to IoT devices
• About the Android Things
• Major features
• Installation and Settings
• Accessible network service
• Security configurations
• Conclusions
• References
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
• About Black Hat
• Intriguing reports – Breaking BHAD: Abusing Belkin Home Automation Devices – (PEN)TESTING VEHICLES WITH CANTOOLZ YACHT – YET ANOTHER CAR HACKING TOOL – Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks
• Conclusions
• References
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)FFRI, Inc.
The document summarizes key presentations from Black Hat Asia 2016 on mobile, IoT, and Windows security. It discusses research on detecting Android commercial spyware, demonstrating iOS malware techniques on non-jailbroken phones, mapping vulnerabilities in wireless IoT devices, hacking a professional drone via MITM attacks, and a novel Windows DSC attack framework to persistently infect systems. The document provides context and the researcher's comments on each presentation.
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)FFRI, Inc.
•CODE BLUE 2015 had over 600 visitors from many countries.
–It had started two track presentation and youth track.
–Two teenagers and a student were on stage.
•IoT Security
–Medical equipment and social infrastructure were studied.
–The white hackers reported these vulnerabilities.
•Bug Bounty
–Japanese bug hunters are active in the world.
–There are things to learn from their way.
•APT
–APT would have invaded various organizations in Japan.
–Forum for information exchange, such as the CODE BLUE is required to counter APT.
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...FFRI, Inc.
•Automobile security is hot topic in many conferences.
•Cyber security measures are essential for the automobile.
•We summarize the following topics based on the above background.
–Presentations at the conferences other than Black Hat USA 2015 and DEF CON 23.
–Introduction of vulnerability assessment methods of automobile security by CVSS v3.
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)FFRI, Inc.
This document summarizes security research presented at the Black Hat USA 2015 conference. Several talks demonstrated remote attacks against vehicles, including exploiting vulnerabilities in Chrysler Jeeps and Tesla Model S vehicles. Other research targeted IoT devices, like hacking a Linux-powered rifle and exploiting vulnerabilities in ZigBee wireless protocols. Additional briefings covered mobile and malware attacks, like exploiting the TrustZone security architecture on Android and using return-oriented programming for antivirus evasion. The document provides high-level overviews and comments on many of the featured talks from Black Hat USA 2015 and related conferences.
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
This document provides an overview of threats to OS X and iOS. It summarizes recent malware cases like iWorm and WireLurker that infected devices through pirated software or sync functions. It also describes vulnerabilities like those allowing denial of service attacks or unauthorized access. The document outlines infection routes like drive-by downloads and recommends security settings for Macs and iPhones like installing updates, using passwords, and adjusting privacy and firewall settings.
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
•Windows 10 IoT is successor platform of Windows Embedded that optimized for embedded devices.
•Windows 10 IoT Core Insider Preview has been provided for single-board computers such as the Raspberry Pi 2.
•We show tutorial about security of Windows 10 IoT Core using the Raspberry Pi 2.
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...FFRI, Inc.
Background
•Automobiles equip a lot of ECUs which communicate mutually on In-Vehicle Network to control engine, power window, and so on
•IVI devices such as navigation system and ADAS*known-as lane-keeping or brake-assist systems often are connected in the same network
•BecauseIn-Vehicle network becoming complicated by various devices, next-generation In-Vehicle network attracts interest as feasible technology at low cost
•This slide summarized about following topics
–Ethernet prospective as next-generation In-Vehicle network
–Recent security research about conventional In-Vehicle network andproposal of measures for the CAN
This document discusses malware samples that abuse PowerShell on Windows systems. It provides examples of malware behaviors like generating batch files to execute PowerShell scripts, downloading data from command and control servers, dumping browser cookies, checking for sandbox detection, and downloading/executing files. The document concludes that PowerShell is commonly used by malware in a similar way that AutoIt is abused, and that the focus should be on malicious behaviors rather than the scripting language itself.
MR201504 Web Defacing Attacks Targeting WordPressFFRI, Inc.
Large number web sites defacing for various purposes are increasing.
Many used technique within of the these attacks is targeting a popular product or these plug-ins like WordPress.
In this report, was analyses about vulnerability that made 18,000 websites victims by exploiting “Slider Revolution".
The point different from general attacks like SQL injection is that using normal function.
Many of these vulnerabilities within of the CMS product are often in where there are assume used by admin.
So, Limit of access to "/wp-admin" or "/admin" by editing ".htaccess" is very important.
MR201502 Intel Memory Protection Extensions OverviewFFRI, Inc.
• Intel MPX provides primitive functions for runtime memory protection via compiler’s code instrumentation
• Performance impact is not clear
– However, we guess it is faster than another approach of memory protection such as software fault isolation or runtime instrumentation
• After all, Intel MPX and runtime memory protection are not expected to come into wide use for some time because we need replacement our
desktops and servers for to use buffer overflow protection
This document discusses trends in Linux malware. It outlines several Chinese DDoS botnets like IptabLes/IptabLex, XOR.DDoS, and AES.DDoS that have targeted Linux systems through exploits. It notes the increasing prevalence of Linux-based devices and rise in ELF malware submissions to services like VirusTotal. The document recommends approaches like SELinux, firewalls, anti-malware tools, and integrity checking to detect and mitigate Linux malware infections.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
1. Fourteenforty Research Institute, Inc.
1
Fourteenforty Research Institute, Inc.
GRAPE : Generative Fuzzing
Fourteenforty Research Institute, Inc.
http://www.fourteenforty.jp
Nicholas Green
Darren Willis, Takahiko Funakubo
2. Fourteenforty Research Institute, Inc.
2
Grape
A Generative Fuzzer
– Inspired by Scapy , Sulley, PeachFuzz, et cetera
– Generalized Fuzzing: can fuzz packets, files, higher level
interactions
– Handles responses: can interact with stateful protocols
3. Fourteenforty Research Institute, Inc.
Outline
• What is fuzzing (very briefly)
– Types of fuzzing
– Challenges in fuzzing
• Our fuzzer (GRAPE)
– Overview of a fuzzing ‘scenario’
– How GRAPE specifies its rules
– How GRAPE handles complex logic (macros)
– How GRAPE handles statefulness and participates in ‘conversations’
• Demo
– Grape vs Windows 7
– Grape vs a router
3
4. Fourteenforty Research Institute, Inc.
Fuzzing: most basic case
4
Normal response
Normal Data
Abnormal data
No normal responseProblem found
Normal Data
System
Under
Test
5. Fourteenforty Research Institute, Inc.
Fuzzing (Very Much In Brief)
• Testing a system by subjecting it to malformed inputs
• Broadly, two types
– Mutating - Take existing inputs, tweak them
– Random Bit Flipping
– Field alteration (requires knowledge of fuzzed
format)
– Input samples important
– Generative - Use set of rules to create new inputs
– Also requires knowledge of fuzzed format
– Rules determine coverage
5
6. Fourteenforty Research Institute, Inc.
Fuzzing steps
• Find or define attack surface
• Generate Input Cases
• Feed Them To Target
• Monitor For Crashes / Unusual Behaviour
• Collect & Analyse Crash Data
6
7. Fourteenforty Research Institute, Inc.
Fuzzers - Generality
• Most fuzzers are quite specific
– Fuzzers for various protocols
• SNMP/DHCP/ICMP/etc
– Fuzzers for specific file formats
• PDF/HTML/SWF/etc
Scapy is an example of a more general fuzzing system, but still
network focused.
7
8. Fourteenforty Research Institute, Inc.
Fuzzers - Smartness
• Fuzzers vary in ‘randomness’
• Most fuzzers are smart
– Requires understanding the format of the input being
fuzzed
– Mutate/Generate input such that it’s likely to break the
system (length fields, etc)
Generally: Try to imagine how someone would have messed
up trying to implement the code parsing the input you’re
attacking.
8
9. Fourteenforty Research Institute, Inc.
Statefulness
• Sometimes protocols requiring keeping state
• A particular problem for generative fuzzers (mutative fuzzers
can usually playback their inputs)
• Need to incorporate responses from target into future fuzz
cases
• Examples
– Fuzzing an FTP server’s command line parsing
– Fuzzing a TCP implementation (sequence and
acknowledgement numbers)
9
10. Fourteenforty Research Institute, Inc.
Grape
• Generative Fuzzer
• Handles responses for stateful fuzzing
• Rules for generation written in a YAML-like dialect
• Compose rules into fuzz scenarios with Scapy-like syntax
• Pluggable backends – output can be to file, network, etc
• Sensible default low-level protocols – fuzz HTTP without
fuzzing (or thinking about) IPv4
• Heartbeat-based monitoring
• No crash data collection yet
10
12. Fourteenforty Research Institute, Inc.
12
Scenario
Config
Heartbeat
Fuzzing
Group
Group
Configuration for this
scenario.
E.g. setting a path and
low layer.
Example:
config {
rule_path: http/
low_layer: ether/ipv4/tcp
}
13. Fourteenforty Research Institute, Inc.
13
Scenario
Config
Heartbeat
Fuzzing
Group
Group
Monitor the target with a
“heartbeat”
Example:
heart_beat {
group {
send: http_head
recv: recv_http_head
}
}
14. Fourteenforty Research Institute, Inc.
14
Scenario
Config
Heartbeat
Fuzzing
Group
Group
The “fuzzing” category
describes a set of
“groups” which control the
real fuzzing
fuzzing {
group {
…
}
group {
…
}
}
15. Fourteenforty Research Institute, Inc.
15
Scenario
Config
Heartbeat
Fuzzing
Group
Group
A group describes a
“conversation” or series
of generations.
Example:
group {
send: http_init
recv: recv_basic
send: tricky_stuff
}
16. Fourteenforty Research Institute, Inc.
16
Group
Packet Description
A packet description is
one “send” or “receive”
line from the groups:
Example:
send: http_init
Rule
Rule
Packet Description
Rule
Rule
17. Fourteenforty Research Institute, Inc.
17
Group
Packet Description
A rule describes how an actual
input or series of inputs is created
(this is the generative bit!):
Example:
mostly_harmless:
method/s: ["GET", "PUT"]
space/s: " "
path/s: ["/index.html", "/“]
http/s: " HTTP/1.1¥r¥n"
done/s: "¥r¥n"
Rule
Rule
Packet Description
Rule
Rule
18. Fourteenforty Research Institute, Inc.
Simple Interactions
send: send this to (network/ a file)
recv: Receive this response (network only for now)
recv rules match the incoming data with certain rules
–If no match, skips to next fuzzing fuzzing case
Note: no ‘real’ flow control
–Use several groups, instead
18
19. Fourteenforty Research Institute, Inc.
Packet Structure Description
Here’s where we took inspiration from Scapy
There’s ‘layers’
ether/ipv4/tcp(syn:1)/payload(data:”AAAAA”)
‘/’ separates layers, parentheses allow overwriting of named
values inside the ‘rules’
‘sublayers’ can be placed in parentheses
ether/ipv6(routing(type:0))/udp/random(50)
19
20. Fourteenforty Research Institute, Inc.
Rule Definitions
The structures of generated inputs are composed
from ‘rules’ These rules are defined in separate files.
YAML-inspired syntax, but not really YAML
A Rule:
gif_basic:
signature/s3 : "GIF"
version/s3 : ["89a","87a"]
logical_screen_width/I2 : 32
logical_screen_height/I2 : 52
global_color_table_flag/b1 : 1
color_resolution/b3 : 7
20
21. Fourteenforty Research Institute, Inc.
Primitive Definitions II
Primitives are given by name, followed with a type and a length,
and then possible values for that primitive to take.
These values are automatically used in fuzzing.
Type is one of:
I: Big Endian Integer (that’s a capital i)
i: Little Endian Integer
S: Symbol
s: String
B: Binary
b: Bitfield
Lengths are in bytes, except for bitfields, where they are in
bits.
21
version/s3: ["89a","87a"]
22. Fourteenforty Research Institute, Inc.
Rule Definitions
The structures of generated inputs are composed
from ‘rules’ These rules are defined in separate files.
YAML-inspired syntax, but not really YAML
A Rule:
gif_basic:
signature/s3 : "GIF"
version/s3 : ["89a","87a"]
logical_screen_width/I2 : 32
logical_screen_height/I2 : 52
global_color_table_flag/b1 : 1
color_resolution/b3 : 7
22
23. Fourteenforty Research Institute, Inc.
Fuzzing Combinations
Fields like version/s3: ["89a","87a"] with multiple values
are automatically fuzzed by the fuzzing engine.
Output is generated such that every value given for a field is
present at least once in the output. One field per output is
‘fuzzed’; that field is iterated over. All others take their leftmost
value.
Fuzzing is not combinatorial, however:
version/s3: [“A",“B"]
width/I2: [1, 2, 3]
produces 4 combinations:
(“A”, 1) (“B”,1) (“A”, 2) (“A”, 3)
23
24. Fourteenforty Research Institute, Inc.
Combinatorial fuzzing
• We can also have fields that we want to fuzz as a
“combination”. i.e. This Rule:
24
CombinationMultiFieldFuzz:
value1%combo1/s1: [“A” , “B”]
value2%combo1/I1: [1, 2, 3]
Produces the following 6 combinations:
(“A”, 1) (“B”,1) (“A”, 2) (“B”, 2”) (“A”, 3) (“B”, 3)
25. Fourteenforty Research Institute, Inc.
Response Definitions
Responses are matched against response rules. These are similar
to the generation rules. Specifying a value indicates that part of
the response should match that value.
_ is “Don’t care”, and matches anything
Can also capture values using $() syntax:
recv_tcp:
src/i2 : _
dest/i2 : _
seqno/I4: $(sequence_number)
Captured values are available as variables.
25
26. Fourteenforty Research Institute, Inc.
Response Definitions II - Regexes
Response Definitions can include simplified regexps for string
matching
HTTP:
response: [“%s %d %s¥r¥n”, $(version), $(code),
$(status)”]
These are powered by Oniguruma; the results of the scanf –style
capture directives get saved to corresponding variables.’
Real regexes can also be used for more power (i.e. non-scanf-
style).
26
27. Fourteenforty Research Institute, Inc.
Response Definitions III
Primitives in responses can be marked with an asterisk ‘*’ to
indicate 0 or more of the primitive should be matched.
Useful for matching higher-level patterns:
HTTP:
header-line/s*: “%s¥r¥n”
cache-expires/s: “EXPIRES blah blah ¥r¥n”
header-line/s*: “%s¥r¥n”
done/s: “¥r¥n”
This matches an expires line at any point in the header
27
28. Fourteenforty Research Institute, Inc.
Variables
tcp:
srcport/I2: 0
dstport/I2: $tcp_dst_port
…
The syntax ‘$tcp_dst_port ‘ inserts the value of a variable
named ‘tcp_dst_port’.
Variables can be set by the user initially, captured from incoming
packets, or calculated by macro statements.
28
29. Fourteenforty Research Institute, Inc.
Symbols
• Symbols go inside <angle_brackets>
• Similar to variables but for internal use within the rules.
• Get substituted like rules
fuzzable_thing:
type%comb/i1 : [0,1,2,3, 256]
length%comb/i1 : [1,127, 128, 255, 256, 32767, 32768, 65535, 65536]
data%/comb/B : $repeat(<padding>, ($ivalue(<length>) + 1) / 2)
padding:
data1%comb/I1 : [0,1,2,3,4]
data2%comb/I1 : [0,1,2,3,4]
29
30. Fourteenforty Research Institute, Inc.
Macros
ipv4[6]:
version/b4 : 4
header_length/b4 : [($ilength(<ipv4>) -$ilength(<payload>)) / 4, 0, 15]
dscp_or_tos/S : [ <tos>, <dscp> ]
packet_length/I2 : [$ilength(<ipv4>), 1, 16, 32]
Various macros are provided, e.g. $ilength(<symbol>)
Arithmetic permitted – header_length can be the length of the
whole ipv4 block, minus the length of the payload block, divided
by 4.
Other macros include $tcp_checksum, $md5, $repeatA
30
31. Fourteenforty Research Institute, Inc.
Macro Example
void Macros::macro_irandom(Field *f, Var &out,
int argc, Var *argv)
{
int ret = rand();
out.setInteger(ret);
}
The macro interface is still work-in-progress.
Var types hold values used during generation; the result of a
macro can be set by calling ‘setInteger’, ‘setString’, etc, on
the ‘out’ argument of the macro.
argv is an array of argc pointers to Vars.
31
32. Fourteenforty Research Institute, Inc.
Backends
How the generated data is actually used.
Currently Provided:
Raw-Ethernet IPv4 IPv6 UDP TCP HTTP File
Lower level network backends use raw sockets and libpcap
Higher level network backends use OS provided sockets
32
33. Fourteenforty Research Institute, Inc.
Multiple Backends
Backends can be named
command: ether/ipv4/tcp
data: ether/ipv4/tcp(tcp_dst_port: 20)
Packets can be sent to any named backend
send(command): ftp/login(uname: ”foo”, pword: “bar”)
send(data): ftp/payload(data: “hogehogehoge”)
Sent to default(first) backend if no name specified.
Connection-based backends automatically opened on first send
33
34. Fourteenforty Research Institute, Inc.
Monitoring
• Currently an optional ‘heartbeat’ can be defined
• Detects when the target stops responding
• Usually, ICMP or ICMPv6 Echo Requests (pings)
• Can specify heartbeat interval (once every n packets)
34
35. Fourteenforty Research Institute, Inc.
HeartBeat
heart_beat {
group {
send: ipv4/icmp(icmp_echo_req)
recv: recv_ipv4/recv_icmp(recv_icmp_echo)
}
}
The monitoring heartbeat is specified like any other fuzzing rule.
Heartbeat can have a different backend.
35
36. Fourteenforty Research Institute, Inc.
Example – IPv6 Fuzzing
ipv6:
version/b4 : 6
trafficclass/b8 : 0
flowlabel/b20 : 0
packet_length/I2: $ilength(<payload>) + $ilength(<headers>)
next_header/I1 : $id(<next>)
hoplimit/I1 : [127, 255, 0]
src_address/B16 : $ipv6_addr($ipv6_src)
dest_address/B16 : $ipv6_addr($ipv6_dst)
headers/S : <next_sublayer>
payload/S : <next_layer>
Generates an IPv6 header, and continues into the extension headers.
36
37. Fourteenforty Research Institute, Inc.
IPv6 Fuzzing - contd
For IPv6, instead of fuzzing values we fuzz structures -
Various combinations of chains of extension headers and
associated options:
send: ipv6(hopbyhop(home_address/quick_start)/routing/esp)/tcp
send: ipv6(hopbyhop(home_address/endpoint_ID)/routing/esp)/tcp
send: ipv6(hopbyhop(home_address/tunnel_limit)/routing/esp)/tcp
send: ipv6(hopbyhop(home_address/router_alert)/routing/esp)/tcp
Of course, these are generated by a script.
37
38. Fourteenforty Research Institute, Inc.
Example: TCP Fuzzing
tcp[0x6]:
srcport/I2: 0
dest/I2: $tcp_dst_port
seqno/I4: 0
ackno/I4: 0
dataoff/b4: ($ilength($<opts>) / 4) + 5
reserved/b4: 0
cwr/b1: 0
ece/b1: 0
urg/b1: 0
ack/b1: 0
… etc.
TCP control bits can be set using overwrites in the scenario file.
38
39. Fourteenforty Research Institute, Inc.
TCP Scenario Excerpt
group{
send: tcp(seqno:1747422, srcport: 6295, syn: 1, cwr:1, ece:1)
recv: recv_tcp
send: tcp(seqno:$recv_ack, srcport: 6295, ack: 1, ackno: $recv_seq + 1 ,
cwr:1, ece:1)
recv: recv_tcp
send: tcp(seqno:1747423, srcport: 6295,cwr:1, ece:1)/tcp_payload
recv: recv_tcp
send: tcp(seqno:1747449, srcport: 6295,fin: 1, cwr:1, ece:1)/tcp_payload
}
Scenario file uses overwrites to control the higher-level
behaviour to comply with the TCP protocol.
39
42. Fourteenforty Research Institute, Inc.
Limitations
• Speed
– Research quality code
• Expressiveness
– Flow Control in scenarios
Small set of backends at present
42
43. Fourteenforty Research Institute, Inc.
Future Work
• Speediness
• Flow Control
• More Backends
• Macro programming for everyone
– Scripting language
• More sophisticated monitoring
– Likely requires cooperation with vendors for embedded
devices
– Develop a protocol?
• More file-oriented fuzzing support (spawning processes to
open generated files, etc)
43
44. Fourteenforty Research Institute, Inc.
44
Thank you!
Questions?
Fourteenforty Research Institute, Inc.
http://www.fourteenforty.jp
Nicholas Green
green@fourteenforty.jp