HowTo: Turn off Linux Security Mechanisms
You are probably going to want to do this to make your initial exploit examples easier to work with and understand.
HowTo: Using MSF to Make Linux Shellcode
Here’s a quick one liner to make linux shell code that runs “exec /bin/bash”. The last argument of c to msfencode generates the c.
Rationality & Privacy: How People Make Decisions About Confidentiality
“In everything one thing is impossible: rationality.” –Friedrich Nietzsche
The GNU Compiler Collection has a FORTIFY_SOURCE option that does automatic bounds checking of dangerous functions to prevent simple buffer overflows. The FORTIFY_SOURCE code will do static and dynamic checks on buffer sizes to prevent these buffer overflows.
OWASP VicNum Project
Vicnum is a training game put out by OWASP. If you play the game the first page will ask you for your name. Enter anything then hit continue. I typed ‘Name’. You should be at this URL now:
Simple Intro to Interposition in C
This is a toy program that we want to monkeypatch. It really doesn’t do anything except call socket().
Beware: A New Approach To Cyber Security That's Not Safe For Coders
Hi there! So this post will be the first in a series that focuses on an interdisciplinary approach to cyber security- with an emphasis on finance. The series of posts will address the growing evidence that security can only be achieved through a thorough, well-rounded understanding of all the issues that play a role in cyber security. Thanks for reading, and I hope you enjoy!
Gera's Insecure Programming Format String #1
A well-known set of vulnerable programs to practice exploitation can be found at gera’s insecure programming. I will go through several challenges over the coming weeks. Ideally, I want to complete them all. Let’s see how far I can go. In this post I will go over how to solve format string #1 (fs1.c).