Security coding c and c++ ch8 (1)
•
0 likes•688 views
This document discusses secure coding practices for file input/output in C and C++. It covers file I/O basics like file system structures and types, as well as common interfaces for file I/O like stdio.h and iostream. It also discusses access control using UNIX permissions and user IDs. Potential vulnerabilities are outlined, such as setuid programs running with elevated privileges that could allow accessing unintended files if exploited. The document is an outline for a chapter that will continue discussing additional topics like race conditions and mitigation strategies for secure file I/O.
Report
Share
Report
Share
Download to read offline
Recommended
Containers from scratch
What is a container? Is it really a “lightweight VM” or is it more like a Linux process? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn how namespaces, control groups and chroot are used to construct containers, and how they are isolated from each other and from the host machine they run on.
Basic commands of linux By Adam
The document introduces A. Mohammed Adam, an activist for the Free Software Foundation Tamilnadu. It then provides instructions for extracting files and directories from tar, tar.gz, and tar.bz2 archives using the tar command, including extracting single files or directories or extracting the entire archive.
Cara penggunaan emco
The document provides 5 steps to run a CNC program: 1) Mount drive D to the storage location of files, 2) press enter, 3) enter D:\, 4) enter cd (folder name), 5) enter cnc.exe.
[ETHCon Korea 2019] Kim jiyun 김지윤
The document discusses Ethereum databases and data structures. It covers LevelDB, the database used by Geth clients, and data encoding methods like RLP, SSZ, and SOS. It also describes the data types and structures used to store transactions, blocks, Merkle Patricia Trie nodes, and their references. The document aims to help understand how Ethereum stores transaction and block data by leveraging the structural characteristics of linking current data to previous data references and storing copies across nodes.
Linux and windows file system
This is the presentation I have in OS course. Mainly focus on the linux file system part and only points out the difference about the Windows file system of NTFS, but I have not dig into it.
Ruby on Windows (uru/RubyInstaller/Devkit)
This document outlines the installation of multiple Ruby versions and their associated Devkit packages on Windows. It describes downloading Ruby 1.8.7, 2.0.0, and 2.3.0 installers as well as Devkit packages for 32-bit and 64-bit. It provides instructions to initialize and install the Devkits to support compiling native extensions. Finally, it explains how to initialize a Ruby on Rails project using Bundler to manage gem dependencies.
เครือข่ายคอมพิวเตอร์
1. The document discusses the basic components of a computer network including workstations, file servers, network interface cards, hubs, switches, routers, and cabling.
2. It explains common network topologies like bus, ring, and star and how they connect the different devices.
3. Finally, it lists some common network and workstation operating systems like Windows, Linux, Novell, and Unix.
Disk and file operation
This document discusses disk structure, including file allocation and the file directory. It explains that the file allocation table tracks file locations, and that the file directory stores files in a hierarchical structure like folders on a tree. It describes the components of a file directory entry, including the filename, file attributes, and other metadata.
Recommended
Containers from scratch
What is a container? Is it really a “lightweight VM” or is it more like a Linux process? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn how namespaces, control groups and chroot are used to construct containers, and how they are isolated from each other and from the host machine they run on.
Basic commands of linux By Adam
The document introduces A. Mohammed Adam, an activist for the Free Software Foundation Tamilnadu. It then provides instructions for extracting files and directories from tar, tar.gz, and tar.bz2 archives using the tar command, including extracting single files or directories or extracting the entire archive.
Cara penggunaan emco
The document provides 5 steps to run a CNC program: 1) Mount drive D to the storage location of files, 2) press enter, 3) enter D:\, 4) enter cd (folder name), 5) enter cnc.exe.
[ETHCon Korea 2019] Kim jiyun 김지윤
The document discusses Ethereum databases and data structures. It covers LevelDB, the database used by Geth clients, and data encoding methods like RLP, SSZ, and SOS. It also describes the data types and structures used to store transactions, blocks, Merkle Patricia Trie nodes, and their references. The document aims to help understand how Ethereum stores transaction and block data by leveraging the structural characteristics of linking current data to previous data references and storing copies across nodes.
Linux and windows file system
This is the presentation I have in OS course. Mainly focus on the linux file system part and only points out the difference about the Windows file system of NTFS, but I have not dig into it.
Ruby on Windows (uru/RubyInstaller/Devkit)
This document outlines the installation of multiple Ruby versions and their associated Devkit packages on Windows. It describes downloading Ruby 1.8.7, 2.0.0, and 2.3.0 installers as well as Devkit packages for 32-bit and 64-bit. It provides instructions to initialize and install the Devkits to support compiling native extensions. Finally, it explains how to initialize a Ruby on Rails project using Bundler to manage gem dependencies.
เครือข่ายคอมพิวเตอร์
1. The document discusses the basic components of a computer network including workstations, file servers, network interface cards, hubs, switches, routers, and cabling.
2. It explains common network topologies like bus, ring, and star and how they connect the different devices.
3. Finally, it lists some common network and workstation operating systems like Windows, Linux, Novell, and Unix.
Disk and file operation
This document discusses disk structure, including file allocation and the file directory. It explains that the file allocation table tracks file locations, and that the file directory stores files in a hierarchical structure like folders on a tree. It describes the components of a file directory entry, including the filename, file attributes, and other metadata.
HoneyCon 2014
This document outlines the agenda for HoneyCon 2014, including a Capture the Flag (CTF) event. The agenda covers past and current cyber attack trends like DDoS, spam, and mobile hacking. It also discusses honeypots and their use for detecting unauthorized users by emulating vulnerable systems and analyzing attack logs. Rules are provided for the CTF competition where teams will defend servers and try to capture flags from other teams' servers while maintaining their own services. The goal is to practice defensive and offensive hacking skills in a legal environment.
Passwd crack introduction
This document discusses password cracking methods, including storing passwords, hashing versus encryption, common hashing algorithms, and rainbow table attacks. It introduces password cracking and describes storing passwords in plaintext or hashed/encrypted formats. It also explains how rainbow table attacks work by pre-computing hash values into a lookup table to crack password hashes more efficiently than brute force methods.
Security coding c and c++ ch8(2)
This document discusses strategies for securing file input/output operations in C and C++ programs. It outlines various file identification issues like directory traversal and equivalence checks that could enable exploits. It also describes race conditions that can occur between checking and using a file. The key strategies recommended to mitigate these risks include closing the window between check and use, eliminating shared race objects, controlling access to race objects, and using tools to detect races. Overall, the document stresses applying concepts like atomic operations, mutual exclusion, and least privilege to securely manage file resources similarly to shared memory.
Build web server
This document provides an overview of how to build a basic web server in 20 minutes. It explains that a web server follows the representational state transfer (REST) architectural style and discusses requests, responses, and parsing request data. It also describes adding dynamic functionality through common gateway interface (CGI) scripts and potential security issues around user inputs. The goal is to help readers understand the core components of a web server through a simple example implementation.
Rootkit 102 - Kernel-Based Rootkit
This document discusses kernel-level rootkits in Linux. It explains that kernel-level rootkits are more robust than user-space rootkits because they can hide processes and prevent system crashes or reboots from revealing the intrusion. It then provides steps for creating a trivial kernel-based rootkit, including loading a kernel module, hooking a system call like getdent64, and overcoming challenges around locating the sys_call_table and modifying kernel memory. The document suggests some new techniques rootkits could use beyond just syscall hooking, and concludes by thanking the reader.
ELF 101
The document discusses creating a minimal ELF (Executable and Linkable Format) file by hand. It explains that an ELF file contains a general header with metadata like the system architecture and endianness. It also contains a program header specifying the memory layout and permissions. The document gives an example of writing a "Hello World" program manually by writing the string to memory, setting registers, and calling syscalls to write to stdout and exit. It then introduces the concept of self-modifying code where the program writes instructions directly to memory at runtime.
State of the Word 2011
The document discusses the benefits of exercise for both physical and mental health. It notes that regular exercise can reduce the risk of diseases like heart disease and diabetes, improve mood, and reduce feelings of stress and anxiety. The document recommends that adults get at least 150 minutes of moderate exercise or 75 minutes of vigorous exercise per week to gain these benefits.
Prog ii
This document provides an outline and overview of topics to be covered in a short course on UNIX systems programming II. The course will cover:
1. Files and devices, including inodes, stat system call, /dev files, ioctl, reading directories, and file descriptor sharing.
2. Process handling, including fork, exec, signals, and inter-process communication using pipes, pseudo-terminals, and sockets.
3. Non-blocking I/O and select, including UNIX events, signals, timers, polling, and an example Internet server.
TLPI Chapter 14 File Systems
This document summarizes key concepts about file systems in Linux:
1. It describes the structure of file systems including superblocks, inodes, and data blocks. Inodes contain metadata about files and pointers to data blocks.
2. It discusses device files that correspond to devices in the system and are represented in the /dev directory. Each device has a major and minor ID.
3. Journaling file systems like ext4 are described which eliminate the need for lengthy consistency checks after crashes by journaling file system updates.
4. The concept of mounting other file systems at mount points under the single directory hierarchy rooted at / is summarized along with the mount() and umount() system calls.
An Introduction To Linux
This document provides an introduction to Linux, including its history and architecture. It describes Linux's origins from Unix in the 1960s and the development of the Linux kernel by Linus Torvalds in 1991. It outlines the key components of a Linux system, including the kernel, shell, file system, processes, networking, and desktop environments. It also discusses booting a Linux system and provides resources for learning more about Linux distributions and building your own operating system.
When ACLs Attack
This document discusses access control lists (ACLs) and how they are implemented across different platforms and file systems. It provides a history of ACL implementations including POSIX ACLs, NTFS ACLs, and NFSv4 ACLs. It also discusses specifics of how ACLs are supported and some issues that can arise with ACLs on the author's NetApp and FreeBSD environments. Overall, the document aims to educate about ACL standards and interoperability challenges across platforms.
Linux tech talk
This document provides an overview of Linux commands organized into different categories. It begins with explanations of what GNU/Linux is and why it is used. It then discusses the many Linux distributions available. The bulk of the document lists and describes Linux commands for system information, file handling, system administration, compression, networking, process management, SSH, AWK, basic terminal shortcuts, and other "goodies". Commands are explained with examples of typical usage. The document serves as a reference guide for basic Linux commands.
Integrity and Security in Filesystems
This document discusses security and integrity in Linux filesystems. It covers topics such as filesystem sources in the Linux kernel, the virtual filesystem (VFS) layer, common filesystems like ext2/3 and XFS, atomic operations and journaling to improve robustness, cryptography and encryption, and Linux Security Modules (LSM) for access control and security policy enforcement. The goal is to provide an overview of how Linux maintains security and data integrity across its various filesystem implementations.
CS50x Permissions, Files, Users
This document provides an overview of files, users, and permissions in Linux. It discusses that Linux is Unix-like and everything is treated as a file. Permissions include read, write and execute and are based on the file's user, group and others. It also covers users and groups, and how permissions can be changed using chmod, chown and chgrp. The root user has full privileges to do anything on the system. Scripts require execute permission to run.
Tips and Tricks for Increased Development Efficiency
Short presentation targetted at university students showing some tools and software that are usually not talked about in courses which helps development productivity.
Linux fundamental - Chap 10 fs
The document discusses file systems in Linux. It describes block devices, partitioning, filesystem types like Ext2/3/4, and tools for creating, mounting, checking, and monitoring filesystems. It also covers swap space, the /etc/fstab file, mounting options, and implementing disk quotas.
FreeBSD Portscamp, Kuala Lumpur 2016
This document provides an outline for a FreeBSD training course. It covers topics such as why to use FreeBSD and UNIX, installing FreeBSD 10.2, disk partitioning, the directory structure, basic commands, creating and managing user accounts, and configuring networking, filesystems, and services. The outline is divided into multiple sections with subsections covering specific commands, configuration files, and how to accomplish tasks like installing software and shutting down the system.
Fun with FUSE
Dima Krasner talks about FUSE, Filesystem in Userspace, its pros and cons, usage, tips and tricks, and more.
Dima is a senior developer at Sam Seamless Network.
Automotive Grade Linux and systemd
A talk presented at the Automotive Grade Linux All-Members meeting on September 8, 2015. The focus on why AGL should adopt systemd, and highlights two of the more difficult integration issues that may arise while doing so. The embedded SVG image, courtesy Marko Hoyer of ADIT, is at http://she-devel.com/2015-07-23_amm_demo.svg
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
This document provides an overview of the native Android user-space environment, including:
1) The filesystem layout and key directories like /system, /data, and /vendor.
2) How the build system determines where files are placed.
3) The adb debugging tool and its capabilities.
4) Common command line tools and properties.
5) The init process and ueventd daemon.
6) Libraries like Bionic and integration options for legacy systems.
More Related Content
Viewers also liked
HoneyCon 2014
This document outlines the agenda for HoneyCon 2014, including a Capture the Flag (CTF) event. The agenda covers past and current cyber attack trends like DDoS, spam, and mobile hacking. It also discusses honeypots and their use for detecting unauthorized users by emulating vulnerable systems and analyzing attack logs. Rules are provided for the CTF competition where teams will defend servers and try to capture flags from other teams' servers while maintaining their own services. The goal is to practice defensive and offensive hacking skills in a legal environment.
Passwd crack introduction
This document discusses password cracking methods, including storing passwords, hashing versus encryption, common hashing algorithms, and rainbow table attacks. It introduces password cracking and describes storing passwords in plaintext or hashed/encrypted formats. It also explains how rainbow table attacks work by pre-computing hash values into a lookup table to crack password hashes more efficiently than brute force methods.
Security coding c and c++ ch8(2)
This document discusses strategies for securing file input/output operations in C and C++ programs. It outlines various file identification issues like directory traversal and equivalence checks that could enable exploits. It also describes race conditions that can occur between checking and using a file. The key strategies recommended to mitigate these risks include closing the window between check and use, eliminating shared race objects, controlling access to race objects, and using tools to detect races. Overall, the document stresses applying concepts like atomic operations, mutual exclusion, and least privilege to securely manage file resources similarly to shared memory.
Build web server
This document provides an overview of how to build a basic web server in 20 minutes. It explains that a web server follows the representational state transfer (REST) architectural style and discusses requests, responses, and parsing request data. It also describes adding dynamic functionality through common gateway interface (CGI) scripts and potential security issues around user inputs. The goal is to help readers understand the core components of a web server through a simple example implementation.
Rootkit 102 - Kernel-Based Rootkit
This document discusses kernel-level rootkits in Linux. It explains that kernel-level rootkits are more robust than user-space rootkits because they can hide processes and prevent system crashes or reboots from revealing the intrusion. It then provides steps for creating a trivial kernel-based rootkit, including loading a kernel module, hooking a system call like getdent64, and overcoming challenges around locating the sys_call_table and modifying kernel memory. The document suggests some new techniques rootkits could use beyond just syscall hooking, and concludes by thanking the reader.
ELF 101
The document discusses creating a minimal ELF (Executable and Linkable Format) file by hand. It explains that an ELF file contains a general header with metadata like the system architecture and endianness. It also contains a program header specifying the memory layout and permissions. The document gives an example of writing a "Hello World" program manually by writing the string to memory, setting registers, and calling syscalls to write to stdout and exit. It then introduces the concept of self-modifying code where the program writes instructions directly to memory at runtime.
State of the Word 2011
The document discusses the benefits of exercise for both physical and mental health. It notes that regular exercise can reduce the risk of diseases like heart disease and diabetes, improve mood, and reduce feelings of stress and anxiety. The document recommends that adults get at least 150 minutes of moderate exercise or 75 minutes of vigorous exercise per week to gain these benefits.
Viewers also liked (9)
Similar to Security coding c and c++ ch8 (1)
Prog ii
This document provides an outline and overview of topics to be covered in a short course on UNIX systems programming II. The course will cover:
1. Files and devices, including inodes, stat system call, /dev files, ioctl, reading directories, and file descriptor sharing.
2. Process handling, including fork, exec, signals, and inter-process communication using pipes, pseudo-terminals, and sockets.
3. Non-blocking I/O and select, including UNIX events, signals, timers, polling, and an example Internet server.
TLPI Chapter 14 File Systems
This document summarizes key concepts about file systems in Linux:
1. It describes the structure of file systems including superblocks, inodes, and data blocks. Inodes contain metadata about files and pointers to data blocks.
2. It discusses device files that correspond to devices in the system and are represented in the /dev directory. Each device has a major and minor ID.
3. Journaling file systems like ext4 are described which eliminate the need for lengthy consistency checks after crashes by journaling file system updates.
4. The concept of mounting other file systems at mount points under the single directory hierarchy rooted at / is summarized along with the mount() and umount() system calls.
An Introduction To Linux
This document provides an introduction to Linux, including its history and architecture. It describes Linux's origins from Unix in the 1960s and the development of the Linux kernel by Linus Torvalds in 1991. It outlines the key components of a Linux system, including the kernel, shell, file system, processes, networking, and desktop environments. It also discusses booting a Linux system and provides resources for learning more about Linux distributions and building your own operating system.
When ACLs Attack
This document discusses access control lists (ACLs) and how they are implemented across different platforms and file systems. It provides a history of ACL implementations including POSIX ACLs, NTFS ACLs, and NFSv4 ACLs. It also discusses specifics of how ACLs are supported and some issues that can arise with ACLs on the author's NetApp and FreeBSD environments. Overall, the document aims to educate about ACL standards and interoperability challenges across platforms.
Linux tech talk
This document provides an overview of Linux commands organized into different categories. It begins with explanations of what GNU/Linux is and why it is used. It then discusses the many Linux distributions available. The bulk of the document lists and describes Linux commands for system information, file handling, system administration, compression, networking, process management, SSH, AWK, basic terminal shortcuts, and other "goodies". Commands are explained with examples of typical usage. The document serves as a reference guide for basic Linux commands.
Integrity and Security in Filesystems
This document discusses security and integrity in Linux filesystems. It covers topics such as filesystem sources in the Linux kernel, the virtual filesystem (VFS) layer, common filesystems like ext2/3 and XFS, atomic operations and journaling to improve robustness, cryptography and encryption, and Linux Security Modules (LSM) for access control and security policy enforcement. The goal is to provide an overview of how Linux maintains security and data integrity across its various filesystem implementations.
CS50x Permissions, Files, Users
This document provides an overview of files, users, and permissions in Linux. It discusses that Linux is Unix-like and everything is treated as a file. Permissions include read, write and execute and are based on the file's user, group and others. It also covers users and groups, and how permissions can be changed using chmod, chown and chgrp. The root user has full privileges to do anything on the system. Scripts require execute permission to run.
Tips and Tricks for Increased Development Efficiency
Short presentation targetted at university students showing some tools and software that are usually not talked about in courses which helps development productivity.
Linux fundamental - Chap 10 fs
The document discusses file systems in Linux. It describes block devices, partitioning, filesystem types like Ext2/3/4, and tools for creating, mounting, checking, and monitoring filesystems. It also covers swap space, the /etc/fstab file, mounting options, and implementing disk quotas.
FreeBSD Portscamp, Kuala Lumpur 2016
This document provides an outline for a FreeBSD training course. It covers topics such as why to use FreeBSD and UNIX, installing FreeBSD 10.2, disk partitioning, the directory structure, basic commands, creating and managing user accounts, and configuring networking, filesystems, and services. The outline is divided into multiple sections with subsections covering specific commands, configuration files, and how to accomplish tasks like installing software and shutting down the system.
Fun with FUSE
Dima Krasner talks about FUSE, Filesystem in Userspace, its pros and cons, usage, tips and tricks, and more.
Dima is a senior developer at Sam Seamless Network.
Automotive Grade Linux and systemd
A talk presented at the Automotive Grade Linux All-Members meeting on September 8, 2015. The focus on why AGL should adopt systemd, and highlights two of the more difficult integration issues that may arise while doing so. The embedded SVG image, courtesy Marko Hoyer of ADIT, is at http://she-devel.com/2015-07-23_amm_demo.svg
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
This document provides an overview of the native Android user-space environment, including:
1) The filesystem layout and key directories like /system, /data, and /vendor.
2) How the build system determines where files are placed.
3) The adb debugging tool and its capabilities.
4) Common command line tools and properties.
5) The init process and ueventd daemon.
6) Libraries like Bionic and integration options for legacy systems.
What you most likely did not know about sudo…
Sudo allows system administrators to delegate authority by giving users the ability to run some commands with root privileges or as another user while providing an audit trail. It provides more capabilities than just prefixing commands, including aliases, defaults, digest verification, session recording, LDAP integration, plugins, and logging/alerting. Upcoming features in Sudo 1.9 include recording sudo I/O logs centrally and an approval plugin framework.
Description of GRUB 2
Describes features of grub followed by installation,exploration, customizing , error recovery and password hacking grub.
Linux redhat final
This document provides information about installing and using the Linux Redhat version 9 operating system. It discusses the file system structure, types of files and partitions used in Linux, and provides step-by-step instructions for installing Redhat 9 manually through the command line interface. The summary also lists some basic Linux commands for navigating directories, viewing files, copying/moving files, and removing files or folders.
Intro to linux systems administration
This Project Report of Web Server contains the description of Linux Operating System Administration. This is based on Redhat Linux 6. In this, the topics covered are System Administration, Server Administration, Scheduling, Web Server, Samba Server and FTP Server. This also contains the information related to configuration file like passwd. This presentation was prepared as a record of Industrial training Project.
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
Speaker: Jens Wiklander
Date: September 22, 2015
★ Session Description ★
At this session we will get more knowledge about the TEE driver that Linaro has been working on for the last couple of months. Questions to be answered are for example: What are the API’s? How does the TEE driver work as a communication channel. What will a developer need to think of when adding support for another TEE solution?
★ Resources ★
Video: https://www.youtube.com/watch?v=BhLndLUQamM
Presentation: http://www.slideshare.net/linaroorg/sfo15200-linux-kernel-generic-tee-driver
Etherpad: pad.linaro.org/p/sfo15-200
Pathable: https://sfo15.pathable.com/meetings/302831
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
Bsdtw17: george neville neil: realities of dtrace on free-bsd
This document summarizes a talk on the history and current state of DTrace, a dynamic tracing framework originally developed for Solaris and later ported to FreeBSD and MacOS. It discusses how DTrace has been used for performance analysis, distributed systems tracing, and teaching operating systems. Recent improvements include machine-readable output, new providers, and performance tuning. Future work includes the OpenDTrace cross-platform project and improving the D programming language used to write probes.
Diy containers
You have probably heard a lot about containers. But what are they really? Some talk about them as lightweight VMs, others put an equation sign between containers and projects like LXC, Docker and Rocket. It is so confusing! In reality containers are simple. They are built by direct usage of modern linux kernel features and all aforementioned projects are generally doing the same thing while providing a slightly different mental model. If you want to build a container all you really need is a relatively new linux distro on your laptop. Join us to learn what a container is and how to build one by yourself without installing Docker or LXC, even without writing code.
Similar to Security coding c and c++ ch8 (1) (20)
Tips and Tricks for Increased Development Efficiency
Tips and Tricks for Increased Development Efficiency
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Bsdtw17: george neville neil: realities of dtrace on free-bsd
Bsdtw17: george neville neil: realities of dtrace on free-bsd
More from Chia-Hao Tsai
[2019.05] HST - RegEx 101 ~ 1001
Regular expressions (regex) are patterns used to match character combinations in strings. This document covers regex grammar including:
- Common regex patterns like . (any character), | (or), * + ? (quantifiers), character sets [], grouping (), lookahead/behind.
- Examples of regex to match HTML tags, validate dates in MM-DD-YYYY format, match ETH/BTC addresses and imgur image links.
- The difference between capturing groups like ab(ab) and lookbehinds like (?<=ab)ab which matches ab without capturing it.
[2019.02.16] hst - orm
This document provides an overview of using Object Relational Mapping (ORM) with Python SQLAlchemy and MariaSQL. It discusses using ORM for database access, mapping database tables to Python classes, querying relationships between tables, and more advanced topics like adding virtual columns without changing the database schema. The document also includes examples of querying data from multiple related tables and creating database views using alembic migrations.
[2019.01.12] hst iptables 101 to 301
This document provides an overview of iptables and nftables. Iptables is a user-space tool that controls netfilter, the Linux kernel module for network packet filtering and network address translation (NAT). It operates on tables, chains, and rules to filter packets. Nftables is the newer replacement for iptables that offers a more concise syntax without default tables or chains. It is based on network families and uses expressions, statements, and sets to filter packets as they pass through hooks and chains.
[2018.12.15] hst python object 102
This document discusses various concepts related to Python objects including abstraction, with-statements, copying objects, object properties and attributes, object references, and special methods. It notes that with-statements make use of the __enter__ and __exit__ methods, and that objects can be copied using the copy module's copy and deep copy functions or the __copy__ and __deepcopy__ methods. The document also covers the difference between __dict__ and __slots__ for storing object attributes, using weak references via the __weakref__ attribute and weakref module, and special methods related to type conversions like string to integer.
[2018.11.16] Python Object 101
This document provides an overview of Python objects and their associated special methods. It discusses common object methods like __repr__, __str__, and __dir__ that are used for object representation and properties. Comparison methods like __eq__ and attribute methods like __setattr__ are also covered. The document outlines object instantiation methods like __new__ and __init__ as well as serialization methods like __reduce__. Finally, it briefly discusses object-oriented concepts like metaclasses, inheritance, and pickling security concerns.
[2017.03.18] hst binary training part 1
The document provides an overview of binary formats and machine code. It discusses the Mach-O binary format used on Mac OS X, including the header, commands, segments, and sections. It also covers x86-64 machine code layout and opcodes. A minimal Mach-O 64 binary is listed as an example, containing a header, commands, and 12 bytes of machine code while consuming only 4K of space.
Rootkit 101 - 2nd Edition
Computer security 101 - rootkit introduction based on linux. In the 102 I need to introduce the kernel-based rootkit in linux, if possible.
Maker - WiFi AP
This document discusses designing a WiFi access point (AP) using open source tools. It describes setting up a basic WiFi AP using hostapd to expose the device, dnsmasq for IP address assignment, and iptables for packet routing. It then discusses enhancing the design to allow WiFi roaming between multiple APs using the same SSID, authentication, and password. The document stresses that controlling the network's router gives complete visibility and control over all network traffic and devices.
More from Chia-Hao Tsai (11)
Recently uploaded
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
A Deep Dive into ScyllaDB's Architecture
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Demystifying Knowledge Management through Storytelling
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Recently uploaded (20)
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Security coding c and c++ ch8 (1)
- 1. Secure Coding in C and C++ ch8 - File I/O (1) cmj
- 2. Outline ● 8.1 File I/O Basic ● 8.2 File I/O Interfaces ● 8.3 Access Control ● 8.4 File Identification ● 8.5 Race Conditions ● 8.6 Mitigation Strategies
- 3. File I/O Basic ● What’s the file system? ○ A hierarchical structure which non-terminal nodes are directory and terminal nodes are files. ● Many file systems ○ Older system: MS-DOS, ext2 ○ journaling file system: ext4 ○ Distributed File System: gluster, GFS, Ceph ○ Network File System: SMB, AFP ● Special Files ○ Regular File / Directory / Link ○ Pipe / Socket ○ Char device / Block device
- 4. File I/O Interfaces ● File I/O need <stdio.h> in C ○ Byte or char type I/O ○ Wide-character type I/O ● Using <iostream> in C++ ○ Wide-character use wifstream/wofstream/wiofstream/wfstream
- 5. File I/O Interfaces (Cont’d) ● Data Stream ○ FILE * ○ fopen: mode (r/w/a/b/+) ○ w is added in C11 ■ Failed if file is already existed. ● POSIX way ○ File descriptor, from 0 to OPEN_MAX ■ sysconf(_SC_OPEN_MAX); ○ fopen is wrappered as open
- 6. Access Control ● File in UNIX system has UID and GID ○ Read(r) / Write(w) / Execute(x) ○ std.id(s): /usr/bin/passwd ■ Execute as the owner/group. ○ sticky(t): usually used in /tmp ■ Only owner or root can remove. ■ Should run on physical memory only.
- 7. IDs ● ID ○ RUID (real user ID) ○ EUID (effective user ID) ○ SSUID (saved set-user-ID) ● setuid() ○ Need root but cannot su - ○ setuid workable for RUID/SSUID ● Processes instantiated by ○ system / fork / exec ○ Inherit RUID and EUID
- 8. IDs (Cont’d) ● wall ○ -rwxr-sr-x 1 root tty /usr/bin/wall ○ crw--w---- 1 root tty /dev/tty1 ● passwd ○ -rwsr-xr-x 1 root root /usr/bin/passwd
- 9. Vulnerabilities ● Run with elevated privileges and access files ○ Chance to exploit you program. ○ OpenSSH: ■ open copyright file with root privileges. ■ copyright=/etc/shadow ● setuid program carry significant risk ○ Do anything the owner of file is allowed ○ If owner is root, everything is possible.