Posts

To make exploitation more challenging, several mitigations have been developed and widely implemented. Let’s dive into some of the most popular ones and understand how they work: 1. DEP/NX (Data Execution Prevention / No eXecute): Data Execution Prevention (DEP), also called No eXecute (NX), is a security feature that prevents code from running in non-executable memory regions like the stack or heap, blocking buffer overflow attacks that inject shellcode into these areas.

2. Bypassing ASLR (Address Space Layout Randomization): As we discussed earlier, Address Space Layout Randomization, or ASLR, is a security feature designed to make exploitation more difficult by randomizing the memory addresses used by system and application components. Each time a program runs, ASLR repositions critical memory sections, including the stack, heap, libraries, and main executable, to random addresses. ASLR introduces randomness into the memory layout, meaning an exploit that relies on hardcoded addresses will fail unless it can dynamically locate the randomized segments.

Before we dive into exploit countermeasures and bypasses, let’s quickly revisit the essentials of a stack overflow. In simple terms, stack overflows happen when we input more data than a program expects, causing it to spill over into other areas of memory. By controlling this overflow, we can manipulate the program’s execution. Let’s dive deeper into understanding buffer overflows. A buffer is simply a designated space in memory used to store data, often a fixed-size region allocated for handling input or temporary data.

Decoding the Binary: A Prelude to Linux Stack Smashing and Exploit Development Before diving into the world of Linux stack smashing, it’s crucial to begin with binary analysis. Analyzing the binary executable provides us with valuable insights into its structure, functions, and potential vulnerabilities. Through binary analysis, we can identify the layout of the stack, the presence of buffer overflows, and other crucial details that will aid us in crafting our exploit.

Welcome to this comprehensive guide on x86 Linux exploit development. In this series, we’ll delve into the fundamentals of binary exploitation on x86 Linux systems. Throughout this journey, we will explore various techniques and methodologies used by security researchers and hackers alike to exploit vulnerabilities, understand system weaknesses, and ultimately strengthen defenses. What to Expect? In this series, we will cover a range of topics, starting from the basics and gradually moving towards more advanced techniques.

In my previous post on Boofuzz, we explored how powerful fuzzing can be in uncovering vulnerabilities in network protocols by automating the injection of malformed data. While Boofuzz provides an intuitive and Pythonic approach to fuzzing, there’s another tool that’s a classic in the fuzzing toolkit: Spike. Known for its raw power and simplicity, Spike is widely used in penetration testing for fuzzing network protocols, especially in situations where you need a fast, direct fuzzing solution.

In the world of software security, fuzzing is a critical technique used to identify vulnerabilities in software by bombarding it with unexpected or malformed inputs. One of the most popular and versatile fuzzing tools is Boofuzz, an open-source fuzzing framework widely used by security researchers and developers alike. Based on the legacy Sulley Fuzzing Framework, Boofuzz continues its mission of being a robust, modular, and extensible fuzzer for both beginners and seasoned professionals.

In the world of binary exploitation, gadgets are crucial building blocks for bypassing modern security defenses. Whether you’re attacking vulnerable software in a CTF or conducting real-world vulnerability research, Return-Oriented Programming (ROP) and other gadget-based techniques can turn the simplest bug into a powerful exploit. But what are gadgets, and how do tools like Ropper, ROPgadget, and one_gadget help us find and use them? In this blog post, we will take a deep dive into gadgets, from understanding what they are and why they’re essential in modern exploitation, to mastering the use of tools like Ropper, ROPgadget, and one_gadget for advanced gadget hunting.

Welcome to The Art of Cross-Compilation and Emulation: Building and Testing Across Architectures, where we delve deep into the world of compiling code for systems and architectures beyond the familiar environment of your development machine. Whether you’re a seasoned developer or just starting your journey into embedded systems, cross-compilation is an essential skill that you must have. In today’s increasingly interconnected world of devices, the ability to develop software for platforms different from your own is a valuable asset.

Rooting an Android device opens up a world of possibilities, allowing users to customize their devices beyond the limitations set by manufacturers. Magisk has emerged as a popular tool for rooting due to its systemless approach, meaning you can gain root access without modifying the system partition, making it easier to unroot or pass SafetyNet checks. This guide will take you through the process of rooting your android devices using Magisk.

Unlocking the bootloader of a smartphone is a crucial step for users who want to take complete control of their devices. Whether you’re interested in installing a custom ROM, rooting your phone, or simply exploring more advanced development features, unlocking the bootloader opens up these possibilities. However, on certain devices come with carrier locked. When you go in Settings -> Developer Options -> OEM Unlocking, you can see “Connect to the internet or contact your carrier”.

In the realm of cybersecurity, staying ahead of potential vulnerabilities is an ongoing battle. Fuzz testing, or fuzzing, has emerged as a formidable technique to unearth these weaknesses proactively. Among the array of fuzzing tools available, Honggfuzz stands out for its efficiency, speed, and versatility. In this comprehensive guide, we’ll delve into the world of Honggfuzz fuzzing, exploring its features, advantages, and how it empowers developers and security professionals to fortify their systems against cyber threats.

Introduction Building Android libraries with the NDK (Native Development Kit) can greatly enhance the performance and capabilities of your Android apps, especially when dealing with computationally intensive tasks or utilizing native code. Here’s a step-by-step guide to get you started: Prerequisites Before diving into building Android libraries with NDK, ensure you have the following: Android Studio installed Android NDK installed and configured in your project Step 1: Set Up Your Android Project Open Android Studio and create a new Android project or open an existing one.

Introduction Java Native Interface (JNI) is a framework that allows Java code running in the Java Virtual Machine (JVM) to call and be called by native applications and libraries written in other languages such as C and C++. This can be incredibly useful in Android development when you need to incorporate native code for performance optimization or to utilize existing libraries. In this guide, we’ll walk through the steps to add JNI to your Android app.

In the ever-evolving landscape of technology, where innovation and progress are constant companions, there exists a parallel necessity for robust security measures. ARM Mali, renowned for its high-performance graphics processing units (GPUs) found in a multitude of devices, is no stranger to this reality. However, behind its impressive graphics capabilities lies a history of vulnerabilities, some of which have been brought to light through Common Vulnerabilities and Exposures (CVE) reports.

In this step-by-step tutorial, we’ll walk through the entire process of building a custom Linux kernel, creating a minimal filesystem using Busybox, running it on QEMU, and debugging the kernel. Finally, we’ll wrap up by learning how to compile and add custom Linux kernel modules to enhance our kernel. I’m using a Linux system for this demonstration, specifically Ubuntu 16.04.7 LTS with kernel version 4.15.0-142-generic. However, the steps should be similar for other Linux distributions.

Introduction: Java Native Interface (JNI) is a powerful tool that allows Java code running in the Java Virtual Machine (JVM) to interact with code and libraries written in other languages, such as C and C++. JNI opens up a world of possibilities for Java developers, enabling them to access native code, leverage platform-specific features, and optimize performance. In this guide, we’ll delve into the world of JNI, exploring its benefits, how it works, and how you can start using it in your Java projects.

After analyzing the binaries using tools like objdump, strace, and nm as explored in our Linux Binary Analysis series, it’s time to delve into debugging with GDB. What is GDB? GDB is a command-line debugger that allows developers to inspect and manipulate the execution of programs. It provides a range of features for analyzing the state of a program, examining variables, setting breakpoints, and stepping through code. GDB, short for the GNU Debugger, is a versatile and portable debugging tool designed to run on a wide range of Unix-like systems.