Operating Systems Security
- Sebek tool.
- Smashing the Stack for Fun and Profit
- Writing buffer overflow exploits
- Buffer Overflow 7: The Stack Operation
- A Complete Tutorial, with findeggaddr. Not sure how useful that has been, since gdb seemed to more easily find the areas of interest.
- Also, see Hacking: The Art of Exploitation, 0x331.
- Typical Linux program stack.
Industrial control and security. Intersection of Artificial Intelligence and Information Security.
- Text classification.
- Reducing False Alarms, grouping alarms for root causes.
- Incorrect protocol use.
- Training systems.
- Siemens PLC Security Vulnerabilities – It Just Gets Worse
- SCADA HoneyNet Project
- On PLC Controllers and Obvious Statements
- Concept of Virus in PLCs Software
- PLCs on the Internet
- Repository of Industrial Security
- Use "Red Hat Enterprise Linux 4.4 Base (image)" or "Xinu (CSC501)". Some people mess with these images. Do all individuals have re-install rights? ASLR.
- Output assembly:
gcc -S -o example1.s example1.c
-g if you want debugging symbols.
- On older kernels:
/sbin/sysctl -w kernel.exec-shield=0; /sbin/sysctl -w kernel.exec-shield-randomize=0
- On newer kernels (2.6):
/sbin/sysctl -w kernel.exec-shield=0; /sbin/sysctl -w kernel.randomize_va_space=0
- Described in brk-fix-2.patch.
/sbin/sysctl allows you to modify kernel parameters at runtime.
gdb seems to have a serious issue aligning what people actually want to do with it, versus what most tutorials seem interested in describing.
- If you can't figure out how to debug from the very, very beginning of the program, try
- Linux software debugging with GDB
- The GNU Project Debugger, documentation.
kill to kill the current process if you've goofed.
- Disassemble instructions in hex format.
objdump --disassemble-all file.bin
- File to test shellcode.
- Shellcode: the assembly cocktail.
- Producing assembly code.
- From the GDB manual: How do I examine memory? Short answer: use
- Print registers with info reg, for example info reg esp.
- Write directly to memory:
set *(long *) 0xabcd = -1
- Some more information on environment addresses: What do the perl codes do?
Working with Environment Variables
show env to show all environment variables.
- To set:
- To clear all:
environ is located at 0xbfffff00 and points to
- The EGG is at
- Core dump at:
- CSAW CTF Kernel Exploitation Challenge. Competition. Stack canary.
- The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll
- Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler by Chris Eagle
- Computer and Information Security Handbook by John Vacca
- Introduction to Computer Security by Michael Goodrich