HowTo: Turn off Linux Security Mechanisms

You are probably going to want to do this to make your initial exploit examples easier to work with and understand.

HowTo: Using MSF to Make Linux Shellcode

Here’s a quick one liner to make linux shell code that runs “exec /bin/bash”. The last argument of c to msfencode generates the c.

Rationality & Privacy: How People Make Decisions About Confidentiality

“In everything one thing is impossible: rationality.” –Friedrich Nietzsche

FORTIFY_SOURCE Semantics

The GNU Compiler Collection has a FORTIFY_SOURCE option that does automatic bounds checking of dangerous functions to prevent simple buffer overflows. The FORTIFY_SOURCE code will do static and dynamic checks on buffer sizes to prevent these buffer overflows.

OWASP VicNum Project

Vicnum is a training game put out by OWASP. If you play the game the first page will ask you for your name. Enter anything then hit continue. I typed ‘Name’. You should be at this URL now:

Simple Intro to Interposition in C

This is a toy program that we want to monkeypatch. It really doesn’t do anything except call socket().

Beware: A New Approach To Cyber Security That's Not Safe For Coders

Hi there! So this post will be the first in a series that focuses on an interdisciplinary approach to cyber security- with an emphasis on finance.  The series of posts will address the growing evidence that security can only be achieved through a thorough, well-rounded understanding of all the issues that play a role in cyber security.  Thanks for reading, and I hope you enjoy!              

Gera's Insecure Programming Format String #1

A well-known set of vulnerable programs to practice exploitation can be found at gera’s insecure programming. I will go through several challenges over the coming weeks. Ideally, I want to complete them all. Let’s see how far I can go. In this post I will go over how to solve format string #1 (fs1.c).