The document discusses format string vulnerabilities, which occur when user-supplied input containing format specifiers is used without validation in functions like printf(). Format strings allow viewing process memory, crashing programs, or overwriting memory locations like the instruction pointer. While buffer overflows have thousands of exploits, format string vulnerabilities are less common but easier to find due to programmer mistakes. Exploiting format strings can lead to privilege escalation, crashes, or arbitrary code execution. Examples of past vulnerabilities are discussed.
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis SystemTamas K Lengyel
The document describes DRAKVUF, a dynamic malware analysis system that aims to improve scalability, fidelity, and stealthiness. It uses Xen virtualization and memory monitoring techniques like EPT to analyze malware behavior in a monitored virtual environment without the malware's knowledge. An evaluation analyzed 1000 malware samples, found key data only existed in memory, and showed throughput could be improved with memory deduplication. The system helps address issues with analyzing large malware sets but challenges remain like handling stalled code.
59. for
• seq start end
• start から endまでの数字を順に出力
• seq start d end
• start から endまでの数字をdおきに出力
!
• for((i=0;i<10;i+=2)) ==> for i in `seq 0 2 9`
60. while
• while cond
• condがtrueの間続く処理をループする
!
• $ while true
> do
> echo hoge
> done
61. while
• while read line
• 標準入力から一行ずつ$lineに読み込む
• $lineを参照することで行単位の処理が可能
• $ cat filelist.txt ¦ while read line
> do
> rm $line
> done
# filelist.txtに書かれているファイルを削除