IT security science
0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
The hardened heap
What a long headline...
The attack surfaces of modern NT 6 systems have shifted. Nowadays there's no generic way to bypass heap protection mechanisms, and there are many requirements to meet before a vulnerability can be exploited with current approaches. The following is about attacking heap data (application specific) and not heap metadata (generic).
The Heap and its Memory API
0x41 - weekly exploitation matters - Heap overflow fundamentals
Stack buffer overflows are extinct
Exploiting stack buffer overflows on modern operating systems is harder these days, because there are lots of mitigations to overcome.
For example on Windows there's not only /GS - which is activated by default in Visual Studio nowadays - but also non-executable stack pages, ASLR, DEP and what not. This may lead to return-oriented attacks, but I personally think that even secure programming has improved with regard to stack buffer overflows. So they're rare and relatively cumbersome to exploit, because they're understood and mitigated.
How to get beyond mindless blindness - every-day social engineering
Is everybody being deceptive?
When we're not there, we aren't there to know that we're not there.

I recently listened to the 7th episode of the Social Engineering podcast. - That made me take some notes, and I think I remember some quotes.
In short it was simply about using familiar routines - or those routines which should be familiar - in order to successfully blind somebody else's mind into a routine workflow.
Socially pwned

It's the famous data-kraken! He'll get us all.
When I was playing around with Facebook lately to set up an excuse account with my valid e-mail address, in case some retard wants to impersonate me, I found out that social networks not only collect member data. Newer (iPhone/i* - stuff) applications for example make users synchronize their phone contacts into these web services.
Building a cheap home-hacking lab
wishi's Fuzz-Box

A Fuzz-Box for me is a standalone machine. It has to:
- host multiple virtual machines at once (max 2 in my case)
- effectively manage ~4 GB RAM
- be Linux compatible, with stable, clean device drivers
- be energy efficient and ergonomically suited to running 24h/day, 7d/week...
Scaling Hardware?
You don't want a performance monster. - Or a gaming machine. And you do not want trash, because you're going to spend valuable time with it.
View at: Practical Cryptography
"Hey, it's easy"
Practical Cryptography by Niels Ferguson and Bruce Schneier is not necessarily scientific. In fact that's where it makes a difference: it's not just theory, and it addresses modern problems with cryptographic implementations pragmatically. It's for people who audit these kinds of source code, for example.

