Virtual USB Fuzzer Updates
Slide 1: Virtual USB Fuzzer Updates

Kernel log shown on the title slide:

[ ] usb 1-1: new full-speed USB device number 48 using xhci_hcd
[ ] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 10
[ ] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 27
[ ] usb 1-1: New USB device found, idvendor=04c5, idproduct=10c7
[ ] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ ] usb 1-1: Product:?<89>
[ ] usb 1-1: Manufacturer:?<89>
[ ] usb 1-1: SerialNumber: %
[ ] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[ ] BUG: unable to handle kernel NULL pointer dereference at f
[ ] IP: [<ffffffff8119ff4d>] kmalloc+0x8d/0x190
[ ] PGD 61a0067 PUD 59e5067 PMD 0
[ ] Oops: 0000 [#1] SMP
[ ] Modules linked in: io_ti ipaq ftdi_sio usbserial snd_usb_audio snd_usbmidi_lib snd_hwdep snd_pcm snd_page_alloc snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer snd soundcore dvb_usb_dib0700 dib8000 dib7000m dib0090 dib0070 dib7000p dib3000mc dibx000_common dvb_usb dvb_core rc_core gspca_zc3xx gspca_main videodev usbhid hid cirrus ttm drm_kms_helper drm bnep rfcomm psmouse bluetooth serio_raw syscopyarea sysfillrect sysimgblt i2c_piix4 mac_hid parport_pc ppdev lp parport e1000 floppy
[ ] CPU: 0 PID: 1252 Comm: systemd-udevd Not tainted generic #46-Ubuntu
[ ] Hardware name: QEMU Standard PC (i440fx + PIIX, 1996), BIOS Bochs 01/01/2011
[ ] task: ffff f0 ti: ffff dc000 task.ti: ffff dc000
[ ] RIP: 0010:[<ffffffff8119ff4d>] [<ffffffff8119ff4d>] kmalloc+0x8d/0x190
[ ] RSP: 0018:ffff ddd80 EFLAGS:
[ ] RAX: RBX: ffff d7780 RCX: f9e1
[ ] RDX: f9e0 RSI: RDI: ffffffff
[ ] RBP: ffff dddb0 R08: R09:
[ ] R10: ffff880005d42000 R11: R12: f
[ ] R13: d0 R14: f8 R15: ffff
[ ] FS: 00007f0081b02880(0000) GS:ffff (0000) knlgs:
[ ] CS: 0010 DS: 0000 ES: 0000 CR0: b
[ ] CR2: f CR3: CR4: f0
[ ] Stack:
[ ] ffffffff ffff d7780 ffff880005d fffffff4
[ ] ffff de f8 ffff dde78 ffffffff
[ ] ffff dddd0 ffffffff813199c3 ffff dde38 ffffffff81318d82
[ ] Call Trace:

Sergej Schumilo - sergej@os-t.de
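The log on slide 1 is the trace a defender wants to recognise: enumeration warnings about inconsistent descriptors, a class driver giving up, then a kernel oops, all attributable to one freshly attached device. The following script is an added example (not part of the talk and not vusbf code) that groups dmesg-style lines by USB port and attributes a subsequent BUG/Oops line to the last device attached. The sample log is constructed from the lines on slide 1; the regular expressions and the record layout are my own assumptions about the message formats, and the idVendor match is case-insensitive because the transcript lowercased what the kernel prints as idVendor.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the dmesg excerpt from slide 1 (timestamps absent there as well).
SAMPLE_LOG = """\
[ ] usb 1-1: new full-speed USB device number 48 using xhci_hcd
[ ] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 10
[ ] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 27
[ ] usb 1-1: New USB device found, idvendor=04c5, idproduct=10c7
[ ] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ ] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[ ] BUG: unable to handle kernel NULL pointer dereference at f
[ ] IP: [<ffffffff8119ff4d>] kmalloc+0x8d/0x190
[ ] Oops: 0000 [#1] SMP
"""


@dataclass
class UsbAttach:
    port: str                                  # bus-port path, e.g. "1-1"
    devnum: int
    id_vendor: Optional[str] = None
    id_product: Optional[str] = None
    descriptor_warnings: List[str] = field(default_factory=list)
    driver_errors: List[str] = field(default_factory=list)
    crash: Optional[str] = None                # first BUG:/Oops: line after this attach

    @property
    def suspicious(self) -> bool:
        # Enumeration already complained about the descriptors and a kernel
        # crash followed: the footprint a malformed or fuzzed device leaves.
        return self.crash is not None and bool(self.descriptor_warnings)


# Assumed message shapes (based on the slide-1 lines), not an exhaustive kernel grammar.
TS_PREFIX = re.compile(r"^\[[^\]]*\]\s*")
NEW_DEV = re.compile(r"^usb (?P<port>[\d.-]+): new .*USB device number (?P<num>\d+)")
FOUND = re.compile(r"^usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})", re.I)
MISMATCH = re.compile(r"^usb (?P<port>[\d.-]+): (?P<msg>.*different from the .*descriptor's value: \d+)")
DRV_ERR = re.compile(r"^(?P<drv>[a-z0-9_]+) (?P<port>[\d.-]+):[\d.]+: (?P<msg>(?:couldn't|can't|failed) .*)")
CRASH = re.compile(r"^(?P<msg>(?:BUG|Oops): .*)")


def correlate(log_text: str) -> List[UsbAttach]:
    """Group log lines per USB port; attribute a crash to the most recently active device."""
    attaches: List[UsbAttach] = []
    current: Dict[str, UsbAttach] = {}       # port -> attach record in progress
    last: Optional[UsbAttach] = None
    for raw in log_text.splitlines():
        line = TS_PREFIX.sub("", raw).strip()   # drop the "[ timestamp ]" prefix
        if m := NEW_DEV.match(line):
            rec = UsbAttach(m["port"], int(m["num"]))
            attaches.append(rec)
            current[m["port"]] = rec
            last = rec
        elif m := FOUND.match(line):
            if rec := current.get(m["port"]):
                rec.id_vendor, rec.id_product = m["vid"].lower(), m["pid"].lower()
                last = rec
        elif m := MISMATCH.match(line):
            if rec := current.get(m["port"]):
                rec.descriptor_warnings.append(m["msg"])
                last = rec
        elif m := DRV_ERR.match(line):
            if rec := current.get(m["port"]):
                rec.driver_errors.append(f"{m['drv']}: {m['msg']}")
                last = rec
        elif m := CRASH.match(line):
            # Only the first crash line is kept; "Oops:" repeats what "BUG:" said.
            if last is not None and last.crash is None:
                last.crash = m["msg"]
    return attaches


def report(attaches: List[UsbAttach]) -> List[str]:
    """One summary line per attach, flagging the ones that match the crash pattern."""
    lines = []
    for a in attaches:
        ident = f"{a.id_vendor or '????'}:{a.id_product or '????'}"
        status = "SUSPICIOUS" if a.suspicious else "ok"
        lines.append(f"usb {a.port} dev {a.devnum} ({ident}): "
                     f"{len(a.descriptor_warnings)} descriptor warning(s), "
                     f"{len(a.driver_errors)} driver error(s), "
                     f"crash={'yes' if a.crash else 'no'} -> {status}")
    return lines


if __name__ == "__main__":
    for line in report(correlate(SAMPLE_LOG)):
        print(line)
```

Run it over `dmesg` output (or a journal export) to get one line per attach; the vendor:product pair and the port identify the device to pull, and the descriptor warnings are the first thing to compare against a known-good copy of the same hardware.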
Slide 2: Bugs in USB Device Drivers
- USB code runs inside the kernel
- An exploit could potentially compromise the whole OS: privilege escalation, kernel rootkit, etc.
- History (using HW fuzzers): CVE CVE CVE CVE
Slide 3: Proof
- CVE CVE
Slide 4: vusbf finds bugs fast!
- Speed -> more code coverage
- USB requires HW
- Solution, vusbf: virtualize the OS to execute multiple instances, and emulate the USB device instead of using real USB devices for data generation
Slide 5: vusbf
- Virtualization using QEMU / KVM
- USB data injection through the USB-redirection protocol
- USB emulation of the core protocol (enumeration) and subprotocols (HID, SCSI, etc.)
- Permutation fuzzing engine
- Multiprocessing / clustering capabilities
- Logging of crashes in reproducible formats
- Up to 360 tests per second
- vusbf was initially released at Black Hat Europe
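The enumeration emulation on slide 5 and the warnings on slide 1 both come down to the configuration descriptor tree a device sends during enumeration, which the kernel walks by bLength and cross-checks against the counts each descriptor declares. The following code is an added example (not from the talk and not vusbf code): a descriptor walker that performs the consistency checks the slide-1 warnings correspond to (declared vs. actual interface and endpoint counts, wTotalLength vs. bytes received, a bLength of zero that would never advance, a descriptor running past the buffer) and, for a HID interface, checks for the interrupt IN endpoint whose absence usbhid reported. Descriptor layouts follow the USB 2.0 specification; the two sample devices are constructed, the second modelled on the counts in the slide-1 log.

```python
import struct
from typing import Dict, List

DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21
CLASS_HID = 0x03
XFER_INTERRUPT = 0x03          # low two bits of the endpoint bmAttributes


def config_descriptor(num_interfaces: int, total_len: int, value: int = 1) -> bytes:
    # bLength, bDescriptorType, wTotalLength, bNumInterfaces, bConfigurationValue,
    # iConfiguration, bmAttributes (bus powered), bMaxPower (100 mA)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, total_len, num_interfaces, value, 0, 0x80, 50)


def interface_descriptor(number: int, num_endpoints: int, cls: int, sub: int = 0, proto: int = 0) -> bytes:
    return struct.pack("<BBBBBBBBB", 9, DT_INTERFACE, number, 0, num_endpoints, cls, sub, proto, 0)


def hid_descriptor(report_len: int = 63) -> bytes:
    # bcdHID 1.11, no country code, one report descriptor (type 0x22) of report_len bytes
    return struct.pack("<BBHBBBH", 9, DT_HID, 0x0111, 0, 1, 0x22, report_len)


def endpoint_descriptor(addr: int, xfer: int, mps: int = 8, interval: int = 10) -> bytes:
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, addr, xfer, mps, interval)


def build_config(declared_interfaces: int, body: bytes) -> bytes:
    return config_descriptor(declared_interfaces, 9 + len(body)) + body


# Constructed sample 1: a well-formed boot keyboard (one HID interface, one interrupt IN endpoint).
GOOD_KEYBOARD = build_config(1, interface_descriptor(0, 1, CLASS_HID, 1, 1)
                             + hid_descriptor()
                             + endpoint_descriptor(0x81, XFER_INTERRUPT))

# Constructed sample 2, modelled on the slide-1 warnings: 10 interfaces declared but 1 present,
# 27 endpoints declared but 3 present, and none of them is an interrupt IN endpoint.
BAD_DEVICE = build_config(10, interface_descriptor(0, 27, CLASS_HID)
                          + hid_descriptor()
                          + endpoint_descriptor(0x01, 0x02)           # bulk OUT
                          + endpoint_descriptor(0x82, 0x02)           # bulk IN
                          + endpoint_descriptor(0x03, XFER_INTERRUPT))  # interrupt OUT


def validate_config(buf: bytes) -> List[str]:
    """Walk a configuration descriptor set and return every inconsistency found."""
    problems: List[str] = []
    if len(buf) < 9 or buf[0] < 9 or buf[1] != DT_CONFIG:
        return ["not a configuration descriptor"]
    total_len, declared_ifaces, cfg_value = struct.unpack_from("<HBB", buf, 2)
    if total_len != len(buf):
        problems.append(f"wTotalLength {total_len} != {len(buf)} bytes actually received")

    interfaces: List[Dict] = []
    pos = buf[0]
    while pos < len(buf):
        if pos + 2 > len(buf):
            problems.append(f"trailing byte at offset {pos} is too short for a descriptor header")
            break
        blen, btype = buf[pos], buf[pos + 1]
        if blen < 2:
            problems.append(f"descriptor at offset {pos} has bLength {blen}; would never advance")
            break
        if pos + blen > len(buf):
            problems.append(f"descriptor at offset {pos} (type 0x{btype:02x}) runs past the buffer")
            break
        desc = buf[pos:pos + blen]
        if btype == DT_INTERFACE:
            if blen < 9:
                problems.append(f"interface descriptor at offset {pos} is truncated ({blen} bytes)")
            else:
                interfaces.append({"number": desc[2], "alt": desc[3], "declared_eps": desc[4],
                                   "class": desc[5], "endpoints": []})
        elif btype == DT_ENDPOINT and blen >= 7:
            if not interfaces:
                problems.append(f"endpoint descriptor at offset {pos} precedes any interface")
            else:
                interfaces[-1]["endpoints"].append((desc[2], desc[3] & 0x03))
        pos += blen      # other descriptor types (HID, class-specific, vendor) are skipped

    if len(interfaces) != declared_ifaces:
        problems.append(f"config {cfg_value} has {len(interfaces)} interface(s), "
                        f"different from the descriptor's value: {declared_ifaces}")
    for iface in interfaces:
        n = len(iface["endpoints"])
        if n != iface["declared_eps"]:
            problems.append(f"config {cfg_value} interface {iface['number']} altsetting {iface['alt']} "
                            f"has {n} endpoint descriptor(s), different from the interface "
                            f"descriptor's value: {iface['declared_eps']}")
        if iface["class"] == CLASS_HID and not any(addr & 0x80 and xfer == XFER_INTERRUPT
                                                    for addr, xfer in iface["endpoints"]):
            problems.append(f"interface {iface['number']}: HID class but no interrupt IN endpoint")
    return problems


if __name__ == "__main__":
    for name, blob in (("good keyboard", GOOD_KEYBOARD), ("bad device", BAD_DEVICE)):
        print(name, "->", validate_config(blob) or ["ok"])
```

The point of the walker is the order of checks: header size, bLength progress and buffer bounds are verified before any field of the descriptor is read, so the declared counts are never trusted to drive indexing. A device-side emulator, a host-side descriptor cache, or a USB policy daemon can apply the same checks to the raw bytes before any class driver sees them.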
Slide 6: vusbf Performance
[Chart: tests per second in reload mode vs. non-reload mode, comparing HW fuzzer (0.5 / 0.5), vusbf Multiprocessing and vusbf Clustering]
Slide 7: vusbf CLI
- It's okay, but difficult to use and to demonstrate the impact
Slide 8: Introducing the new vusbf Frontend
Slide 9: vusbf Frontend
Slide 10: Introducing the CAOS Stick
Slide 11: CAOS-Stick (CRASH ANY OPERATING SYSTEM)
- Based on the LeoStick (Arduino Leonardo compatible)
- vusbf automatically generates compatible firmwares
- The CAOS-Stick can store multiple USB payloads
- Fully programmable: time to wait until execution, timeout between payloads
- UART interface for debugging purposes
Slide 12: Demo
Slide 13: Possible Payloads
- Multiple drivers of Linux, FreeBSD, OS X and MS Windows are vulnerable; at least 30 vulnerable drivers in Linux
- Null-pointer dereferences, page faults, buffer overflows, etc.: usable for DoS attacks
- Stack buffer overflows are only exploitable in combination with an information leak
Slide 14: Future Work
- Manual analysis of discovered bugs
- Comprehensive vusbf fuzzing of OS X
- Publishing the bugs
- Implementation of more advanced USB fuzzing techniques: kernel-land AFL fuzzer; USB-redirection fuzzer (learning by intercepting)
- Fuzz other kernel interfaces using the already established infrastructure: PCI Express, Intel Thunderbolt, local kernel interfaces (syscalls, ioctl)
Slide 15: Thank you! Questions?