Synthetic Memory Protections - An update on ROP mitigations
https://www.openbsd.org/papers/csw2023.pdf [www.openbsd.org]
2023-03-25 19:35
tags:
cpu
defense
malloc
openbsd
pdf
security
slides
systems
ROP methods have become increasingly sophisticated
But we can identify system behaviours which only ROP code requires
We can contrast this to what Regular Control Flow code needs
And then, find behaviours to block
source: HN
The New York City Subway Map as You’ve Never Seen It Before
https://www.nytimes.com/interactive/2019/12/02/nyregion/nyc-subway-map.html [www.nytimes.com]
2019-12-03 02:06
tags:
design
maps
nyc
slides
urban
visualization
The three ins of web design: interesting and infuriatingly interactive.
source: DF
The Berlin Wall Fell 30 Years Ago. Where Did It Go?
https://www.wsj.com/graphics/the-berlin-wall-fell-30-years-ago-where-did-it-go/ [www.wsj.com]
2019-11-06 23:32
tags:
history
maps
slides
visualization
Game of Trees
https://www.openbsd.org/papers/eurobsdcon2019-gameoftrees.pdf [www.openbsd.org]
2019-09-27 19:48
tags:
beta
development
git
openbsd
pdf
slides
swtools
Game of Trees is a work-in-progress version control system which attempts to be appealing to OpenBSD developers.
https://gameoftrees.org/
Banding in Games: A Noisy Rant
http://loopit.dk/banding_in_games.pdf [loopit.dk]
2019-07-30 02:36
tags:
gaming
gl
graphics
pdf
slides
If you use sRGB correctly, you’re doing pretty well - you will generally hardly notice banding (though dark areas remain)
If you are not on a platform where it’s readily available, or you want to get rid of the last issues, the rest of this presentation is for you
Dithering. Lots of dithering.
source: HN
Defending against transient execution attacks
https://www.dimva2019.org/wp-content/uploads/sites/31/2019/06/190620-DIMVA-keynote-FP.pdf [www.dimva2019.org]
2019-06-22 21:45
tags:
cpu
pdf
security
sidechannel
slides
It is important to build up a systematic understanding of these attacks and possible defenses
source: grugq
Exploitation and state machines
https://downloads.immunityinc.com/infiltrate-archives/Fundamentals_of_exploitation_revisited.pdf [downloads.immunityinc.com]
2019-05-08 17:46
tags:
development
exploit
pdf
security
slides
Per author, Thomas Dullien / Halvar Flake:
I know this borders on vanity and wanking, but ... re-reading my Infiltrate 2011 slides, I think that talk was probably one of my better talks. It contained many ideas in seed form that take (or took) years to flesh out properly.
source: grugq
Vulnerability in compiler leads to perfect stealth backdoor in software
https://2018.zeronights.ru/wp-content/uploads/materials/04-Vulnerability-in-compiler-leads-to-stealth-backdoor-in-software.pdf [2018.zeronights.ru]
2019-01-18 04:28
tags:
compiler
cpu
pdf
security
slides
Formally speaking, the bug in the compiler does not take into account the “!” (not) operator in context of equal checks.
In the bogus environment of ml compiler, truth equation of “!” is changed.
From the same line of code, we have a different logic result.
Trusting the source code is now an error. The real logic is masked by the bug.
Some of the slides seem a little wonky with overwritten text, but mostly comprehensible.
source: L
The Rocky Road to TLS 1.3
https://fahrplan.events.ccc.de/congress/2018/Fahrplan/system/event_attachments/attachments/000/003/637/original/tls13.pdf [fahrplan.events.ccc.de]
2019-01-02 18:20
tags:
crypto
networking
pdf
security
slides
standard
Patterns of Refactoring C to Rust: The case of librsvg
https://people.gnome.org/~federico/blog/docs/fmq-refactoring-c-to-rust.pdf [people.gnome.org]
2018-12-05 20:48
tags:
c
development
library
pdf
programming
rust
slides
A year has passed, and now we have a team of people working on the Rustification of librsvg. I want to show you how we are doing it, and some common code patterns that have emerged.
source: L
NUClear explotion
https://embedi.com/event/nuclear-explotion/ [embedi.com]
2018-11-27 19:16
tags:
bios
hardware
security
slides
A major and the most significant approach to UEFI BIOS security is to prevent it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker place a rootkit into a system.
In this talk, there were some thoughts on how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, researchers demonstrated how an adversary can compromise BIOS from the userland.
Powerpoint slides.
source: solar
Archives of POC2018
http://powerofcommunity.net/2018.htm [powerofcommunity.net]
2018-11-27 19:13
tags:
archive
links
pdf
security
slides
Denis Kolegov, Oleg Broslavsky, “WebGoat.SDWAN.Net in Depth”
En He, Jiashui Wang, “Hacking Android VoIP for Fun and Profit!”
Gmliu, “Windows Kernel Fuzzing”
Jaanus Kääp, “Document parsers “research” as passive income”
Jiafeng Li, Zuotong Feng, “How to Exploit Blockchain Public Chain and Smart Contract Vulnerability”
Jin Liu & Chong Xu, “Pwning Microsoft Edge Browser: From Memory Safety Vulnerability to Remote Code Execution”
Kang Li, “Practical evading attacks on commercial AI image recognition services”
Liang Chen, “Era of iOS 12 with A12: End of iOS War?”
Lidong LI & Naijie XU, “802.11 Smart Fuzzing”
Ned Williamson, “Exploiting Chrome IPC”
Nikita Tarakanov, “Automating Windows Kernel Pool Overflow/Corruption Exploits Development”
Samuel Groß, “IPC MitM: Exploiting a Fun Logic Bug for Kernel-Mode Code Execution on MacOS”
Tielei Wang, Hao Xu, “IOService Becomes a Grandpa”
WYP, “Vulnerability analysis of Z-wave products used in Korea”
Yannay Livneh, “Baby I can drive your car: remotely hacking Telematics CAN-connected devices”
Yongtao Wang, Sai Cheng, Jie Fu, “SSRF To RCE In Java”
Yunhai Zhang, “Diving into Windows Defender Application Guard”
source: solar
Turning your BMC into a revolving door
https://airbus-seclab.github.io/ilo/ZERONIGHTS2018-Slides-EN-Turning_your_BMC_into_a_revolving_door-perigaud-gazet-czarny.pdf [airbus-seclab.github.io]
2018-11-27 19:09
tags:
admin
bios
hardware
pdf
security
slides
Baseboard Management Controller (BMC) embedded in most of HP servers for more than 10 years. Chipset directly integrated on the server’s motherboard.
There’s a computer inside your computer.
source: solar
OpenBSD EuroBSDcon 2018
https://www.openbsd.org/events.html#eurobsdcon2018 [www.openbsd.org]
2018-09-26 18:27
tags:
defense
development
openbsd
security
slides
Marc Espie, Advances in OpenBSD packages: https is a lie (slides)
Kristaps Džonsons, OpenBSD and Diving (slides)
Ingo Schwarze, Better documentation - on the web and for LibreSSL (slides, source)
Bob Beck, Unveil in OpenBSD (slides)
Todd Mortimer, Removing ROP Gadgets from OpenBSD (slides)
Bob Beck, LibTLS Tutorial for TLS beginners (tutorial)
Peter Hessler, Introduction to BGP for developers and sysadmins
Fuzzing the OpenBSD Kernel
https://www.openbsd.org/papers/fuzz-slides.pdf [www.openbsd.org]
2018-09-06 19:35
tags:
fuzzing
openbsd
pdf
slides
systems
Fuzzing the OpenBSD kernel using the syzkaller kernel fuzzer.
kcov(4)
A driver for tracking kernel code coverage.
Enabled on a per thread basis.
The kernel program counter is tracked during syscalls made by the same thread.
Not a strict requirement for syzkaller but improves its ability to generate interesting programs.
A Modern History of Offensive Security Research
https://docs.google.com/presentation/d/19HfkIojyLE8L8X8aZT-lJont96JqIg4PqEhb2juIK2c/edit#slide=id.p [docs.google.com]
2018-08-20 00:59
tags:
development
exploit
links
retro
security
slides
Links in the slide notes.
source: grugq
Pledge, and Unveil, in OpenBSD
https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf [www.openbsd.org]
2018-06-11 09:58
tags:
defense
fs
openbsd
pdf
security
slides
Unveiling a directory unveils everything underneath it in the filesystem
source: L
Reverse Engineering Windows Defender’s JavaScript Engine
https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf [recon.cx]
2018-04-09 16:15
tags:
exploit
investigation
javascript
pdf
programming
security
slides
windows
More than you ever wanted to know about the JS engine most people never think about.
source: solar
OpenBSD vmm/vmd Update
https://www.openbsd.org/papers/asiabsdcon2018-vmm-slides.pdf [www.openbsd.org]
2018-03-09 18:11
tags:
openbsd
pdf
slides
update
virtualization
New guests, better hardware emulation, send and receive, etc.
source: L
The Evolution of CFI Attacks and Defenses
https://raw.githubusercontent.com/Microsoft/MSRC-Security-Research/master/presentations/2018_02_OffensiveCon/The%20Evolution%20of%20CFI%20Attacks%20and%20Defenses.pdf [raw.githubusercontent.com]
2018-03-08 18:36
tags:
compiler
defense
pdf
security
slides
windows