Saturday, July 25, 2015

Software Security - Week 2



1. Consider the following code:
  #include <string.h>

  char *foo(char *buf) {
    char *x = buf+strlen(buf);   /* one past the last character of buf */
    char *y = buf;
    while (y != x) {
      if (*y == 'a')
        break;
      y++;
    }
    return y;                    /* first 'a' in buf, or x if there is none */
  }

  void bar() {
    char input[10] = "leonard";
    foo(input);
  }
The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is the extent of that region. Assuming characters are 1 byte in size, what is the triple (p,b,e) for the variable y when it is returned at the end of the code?
  • (&input+4,&input,&input+10)
y starts out pointing to the input[] buffer, which has space for 10 characters. y is incremented 4 times, until it reaches the 'a' in "leonard".
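The capability triple is easier to see when the pointer actually carries it. The following is an added example, not code from the course: a "fat pointer" struct holding (p, b, e) and a bounds-checked read, with foo()'s loop rewritten against it. The names cap_t, cap_make, cap_deref, find_a, leonard_offset and unterminated_offset are invented for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the course): a "fat pointer" carrying the capability
 * triple (p, b, e) from question 1. cap_t, cap_make, cap_deref and find_a are
 * names invented for this example. */
typedef struct {
    char *p;   /* the pointer itself */
    char *b;   /* base: lowest address p may access */
    char *e;   /* extent: one past the highest address p may access */
} cap_t;

/* Capability for a buffer of len bytes: (buf, buf, buf + len). */
static cap_t cap_make(char *buf, size_t len) {
    cap_t c = { buf, buf, buf + len };
    return c;
}

/* Spatially safe read: allowed only if b <= p < e. Returns 1 and stores the
 * byte in *out on success, 0 on a bounds violation. */
static int cap_deref(cap_t c, char *out) {
    if (c.p < c.b || c.p >= c.e)
        return 0;
    *out = *c.p;
    return 1;
}

/* foo()'s loop written against the capability. Pointer arithmetic moves p
 * only; b and e travel with it unchanged. Returns the offset of y from the
 * base when it stops at an 'a' (or the terminator), or -1 if the walk would
 * read outside [b, e). */
static long find_a(cap_t y) {
    char ch;
    for (;;) {
        if (!cap_deref(y, &ch))
            return -1;
        if (ch == '\0' || ch == 'a')
            break;
        y.p++;
    }
    return (long)(y.p - y.b);
}

/* The buffer from bar(): y stops at the 'a' of "leonard", offset 4, so the
 * triple at return is (&input + 4, &input, &input + 10). */
static long leonard_offset(void) {
    char input[10] = "leonard";
    return find_a(cap_make(input, sizeof input));
}

/* Constructed input with no 'a' and no terminator inside the region: a raw
 * pointer would keep reading past the array, the capability refuses. */
static long unterminated_offset(void) {
    char buf[4] = { 'l', 'e', 'o', 'n' };
    return find_a(cap_make(buf, sizeof buf));
}

int main(void) {
    printf("leonard: offset %ld\n", leonard_offset());            /* 4 */
    printf("unterminated: offset %ld\n", unterminated_offset());  /* -1 */
    return 0;
}
```

The second case is the point of the model: incrementing p never changes b or e, so the first read at p == e is caught as a spatial violation rather than silently reading whatever follows the array.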

2. Which of the following are true about a language that uses garbage collection or some other automatic means (e.g., reference counting) for memory management?
  • The language will not have temporal memory safety violations
The garbage collector will ensure that memory is only deallocated when it is not reachable, and this decision is not left up to the programmer.

3. Which of the following are true about a type-safe language?
  • The language may be used to enforce information flow security, depending on the type system
4. An engineer proposes that in addition to making the stack non-executable, your system should also make the heap non-executable. Doing so would
  • Make the program more secure by disallowing another location for an attacker to place executable code
Attacker data placed in the heap then cannot be executed, which enforces (W xor X) / DEP for the entire program.
5. What is the best choice of value for a stack canary, of the following options?
  • A random value
The canary should be unpredictable, so the attacker cannot easily guess it if he must overwrite it during an attack
6. A return-to-libc attack does not require that the attacker inject executable code into the vulnerable program. Which of the following is the most important reason that return-to-libc attacks are useful to the attacker?
  • There is no need to be able to execute (writable) data
The attacker does not need to inject executable code into a writable buffer, so they can exploit systems that enforce (W xor X) / DEP.
7. In a return-oriented program (ROP), what is the role of the stack pointer?
  • It's like the program counter in a normal program
The stack pointer is used to select the next instruction to execute via a 'ret'.
8. When enforcing Control Flow Integrity (CFI), there is no need to check that direct calls adhere to the control flow graph because:
  • CFI should be deployed on systems that ensure the code is immutable
If the code cannot be changed, then direct calls cannot be rewritten to point to an attacker-supplied value.
9. Classic enforcement of CFI requires adding labels prior to branch targets, and adding code prior to the branch that checks the label to see if it's the one that is expected. Now consider the following program:
#include <stdio.h>
#include <string.h>

int cmp1(char *a, char *b) {
    return strcmp(a,b);
}
int cmp2(char *a, char *b) {
    return strcmp(b,a);
}

typedef int (*cmpp)(char*,char*);

int bar(char *buf) {
    cmpp  p;
    char  tmpbuff[512] = { 0 };
    int   l;

    if(buf[0] == 'a') {
      p = cmp1;
    } else {
      p = cmp2;
    }

    printf("%p\n", p);

    strcpy(tmpbuff, buf);

    for(l = 0; l < sizeof(tmpbuff); l++) {
      if(tmpbuff[l] == 0) {
        break;
      } else {
        if(tmpbuff[l] > 97) {
          tmpbuff[l] -= 32;
        }
      }
    }

    return p(tmpbuff,buf);
}
To ensure that the instrumented program runs correctly when not being attacked, which of the following functions would have to be given the same label? Choose at least two, but no more functions than necessary.
  • cmp1
  • cmp2
Both are assigned to p and invoked through the same indirect call, return p(tmpbuff,buf), so the label checked at that call site must match either target.
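The label check at the indirect call site can be sketched in a few lines. The following is an added example, not code from the course or a real CFI implementation: a real scheme places the label in the code before each function and checks it at the call site; here the label sits in a descriptor next to the function pointer. The names cfi_target, cfi_call, LABEL_CMP, REFUSED, compare and call_wrong_target are invented for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the course): a simplified label-based CFI check
 * around the indirect call in bar(). cfi_target, cfi_call, LABEL_CMP, REFUSED
 * and compare are names invented for this example. */
typedef int (*cmpp)(const char *, const char *);

typedef struct {
    unsigned label;   /* the label that "precedes" this function */
    cmpp     fn;
} cfi_target;

#define LABEL_CMP 0x1234u   /* label expected at bar()'s call site */
#define REFUSED   9999      /* sentinel: the call was blocked */

static int cmp1(const char *a, const char *b) { return strcmp(a, b); }
static int cmp2(const char *a, const char *b) { return strcmp(b, a); }

/* cmp1 and cmp2 are both legitimate targets of the same call site, so they
 * must share a label (the answer to question 9). */
static const cfi_target CMP1 = { LABEL_CMP, cmp1 };
static const cfi_target CMP2 = { LABEL_CMP, cmp2 };

/* Same type, but never a legitimate target of that call site: different label. */
static int not_a_target(const char *a, const char *b) { (void)a; (void)b; return 42; }
static const cfi_target OTHER = { 0x5678u, not_a_target };

/* Instrumented indirect call: compares the target's label with the one the
 * call site expects, and only then transfers control. Returns 1 if the call
 * ran (result in *out), 0 if it was refused. */
static int cfi_call(const cfi_target *t, unsigned expected,
                    const char *a, const char *b, int *out) {
    if (t->label != expected)
        return 0;
    *out = t->fn(a, b);
    return 1;
}

/* bar()'s dispatch: cmp1 when buf starts with 'a', otherwise cmp2. Returns the
 * comparison result, or REFUSED if the CFI check stopped the call. */
static int compare(const char *buf, const char *other) {
    const cfi_target *p = (buf[0] == 'a') ? &CMP1 : &CMP2;
    int r = REFUSED;
    return cfi_call(p, LABEL_CMP, buf, other, &r) ? r : REFUSED;
}

/* If p were redirected to a function whose label does not match, the check
 * refuses the transfer instead of running it. */
static int call_wrong_target(void) {
    int r = REFUSED;
    return cfi_call(&OTHER, LABEL_CMP, "x", "y", &r) ? r : REFUSED;
}

int main(void) {
    printf("compare(\"abc\", \"abd\") = %d\n", compare("abc", "abd"));  /* negative */
    printf("compare(\"zzz\", \"abc\") = %d\n", compare("zzz", "abc"));  /* negative */
    printf("wrong target -> %d\n", call_wrong_target());               /* 9999 */
    return 0;
}
```

Giving cmp1 and cmp2 the same label is what keeps the un-attacked program working: either branch of the if in bar() reaches the same check. Giving every function the same label would also "work", but would let the call site reach any function at all, which is why the question asks for no more functions than necessary.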


10. A project manager proposes a C coding standard where pointer variables must be assigned to NULL after being passed to free(). Doing so:
  • Stops writes to stale pointer values that might otherwise succeed and result in program compromise
Writing NULL means that a dereference will result in a crash, which is undesirable but nevertheless helps prevent exploitable vulnerabilities
11. A colleague proposes using a heap allocator that randomizes the addresses of allocated objects. This:
  • Will make the program more secure, because attackers frequently rely on predicting the locations of heap-allocated objects in exploits
12. A safe string library typically attempts to ensure which of the following?
  • That there is sufficient space in a source and/or target string to perform operations like concatenation, copying, etc.


13. In your review of a program, you discover the following function:
  #include <string.h>

  void aFunction(char *buf) {
    static char  BANNED_CHARACTERS[] = {'>', '<', '!', '*'};
    int l = strlen(buf);
    int i;

    for(i = 0; i < l; i++) {
      int j;
      int k = sizeof(BANNED_CHARACTERS) / sizeof(char);   /* number of banned characters */
      for(j = 0; j < k; j++) {
        if(buf[i] == BANNED_CHARACTERS[j])
          buf[i] = ' ';                                    /* replace a banned character with a space */
      }
    }
  }
How would you best describe what this function is doing?
  • Input sanitization by blacklisting  
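The usual contrast to a blacklist is a whitelist (allowlist), which names the characters to keep rather than the ones to reject. The following is an added example, not code from the course: both sanitizers run over the same constructed input so the difference in what they catch is visible. The character set ALLOWED and the names sanitize_whitelist, sanitize_blacklist and replaced_count are invented for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the course): the whitelist counterpart of the
 * blacklist in aFunction(). ALLOWED is an illustrative character set. */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ._-";

/* Whitelisting: keep only bytes that are in ALLOWED, replace the rest.
 * Returns how many bytes were replaced. */
static size_t sanitize_whitelist(char *buf) {
    size_t replaced = 0;
    for (size_t i = 0; buf[i] != '\0'; i++) {
        /* buf[i] is never NUL here, so strchr cannot match the terminator */
        if (strchr(ALLOWED, buf[i]) == NULL) {
            buf[i] = ' ';
            replaced++;
        }
    }
    return replaced;
}

/* Blacklisting, as in aFunction(): replace only the listed bytes. */
static const char BANNED[] = { '>', '<', '!', '*' };

static size_t sanitize_blacklist(char *buf) {
    size_t replaced = 0;
    for (size_t i = 0; buf[i] != '\0'; i++) {
        for (size_t j = 0; j < sizeof BANNED; j++) {
            if (buf[i] == BANNED[j]) {
                buf[i] = ' ';
                replaced++;
            }
        }
    }
    return replaced;
}

/* Copies input into a local buffer, runs one sanitizer, returns the count. */
static size_t replaced_count(const char *input, int use_whitelist) {
    char buf[128];
    strncpy(buf, input, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return use_whitelist ? sanitize_whitelist(buf) : sanitize_blacklist(buf);
}

int main(void) {
    const char *sample = "a<b|c;d";   /* constructed input */
    printf("blacklist replaced %zu byte(s)\n", replaced_count(sample, 0));  /* 1 */
    printf("whitelist replaced %zu byte(s)\n", replaced_count(sample, 1));  /* 3 */
    return 0;
}
```

On "a<b|c;d" the blacklist replaces only the '<'; the '|' and ';' pass through because nobody listed them. The whitelist replaces all three, since anything not explicitly allowed is rejected. That is the practical reason whitelisting is preferred when the set of acceptable input can be described.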

14. When could an integer overflow impact memory safety?
  • If the integer is passed as an argument to malloc(): the integer value passed to malloc could then differ from the integer used to iterate over the buffer (e.g., it could have been multiplied by a data size)
  • If the integer was used to perform pointer arithmetic: if we did something like p = p+i where i is an overflowed integer, then we could access memory outside of p's expected bounds
  • If the integer was used to index into an array
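The malloc() case is the one most often hit in practice: the size handed to malloc() is count * sizeof(element), and that product can wrap while count itself looks harmless. The following is an added example, not code from the course: an overflow-checked allocation wrapper beside the unchecked product, so the wrapped value can be seen. The names mul_would_overflow, checked_alloc, fill_ints and wrapped_size are invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not from the course): the malloc() case from question 14.
 * Allocating count objects of size bytes means computing count * size; when
 * that product wraps, malloc() receives a small number while the caller still
 * iterates count times. mul_would_overflow, checked_alloc, fill_ints and
 * wrapped_size are names invented for this example. */

/* Returns 1 if a * b does not fit in size_t; otherwise 0 and stores the product. */
static int mul_would_overflow(size_t a, size_t b, size_t *product) {
    if (a != 0 && b > SIZE_MAX / a)
        return 1;
    *product = a * b;
    return 0;
}

/* malloc() wrapper that refuses a size computation that would wrap. */
static void *checked_alloc(size_t count, size_t size) {
    size_t bytes;
    if (mul_would_overflow(count, size, &bytes))
        return NULL;
    return malloc(bytes);
}

/* The allocation and the loop use the same count, so the loop cannot run
 * past what was actually allocated. Returns the number of elements written,
 * or -1 when the allocation was refused. */
static long fill_ints(size_t count) {
    int *arr = checked_alloc(count, sizeof *arr);
    if (arr == NULL)
        return -1;
    for (size_t i = 0; i < count; i++)
        arr[i] = (int)i;
    free(arr);
    return (long)count;
}

/* The unchecked product, to show what malloc() would have been asked for:
 * unsigned arithmetic wraps silently instead of failing. */
static size_t wrapped_size(size_t count) {
    return count * sizeof(int);
}

int main(void) {
    size_t huge = SIZE_MAX / 2 + 1;   /* constructed: count * 4 wraps to 0 */
    printf("fill_ints(1000) = %ld\n", fill_ints(1000));                          /* 1000 */
    printf("unchecked size for %zu ints: %zu bytes\n", huge, wrapped_size(huge)); /* 0 */
    printf("fill_ints(huge) = %ld\n", fill_ints(huge));                          /* -1 */
    return 0;
}
```

With count = SIZE_MAX / 2 + 1, the unchecked product is 0, so an unguarded malloc(count * sizeof(int)) would ask for zero bytes and the following loop would write count ints into it. checked_alloc() refuses the request before any allocation happens, which is the check the answer above is pointing at.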

18 comments:

  1. Could you give your email? I need help to understand some code in C. My regards.
    afonsohralves@gmail.com

  2. And for this post, could you explain more of the question? I want to understand the details. I have been watching several videos and tutorials in C, but there are some points that I don't understand yet...

    Replies
    1. What are the details you are looking for? I think these example questions are simple C programs. I suggest you look more into pointers and referencing. This will help you a lot.
      If you are looking for special help, please let me know where exactly you are missing the details. I will point out where to look for these.
      Thank you for your comments :)

    2. The user X wants to securely transfer a file F of size 350MB to some user Y. Is transferring via the network the best secure solution, and how do you make a secure channel? Or is mailing a USB disk secure, and if yes then please explain why mailing a USB is secure. Explain in depth the steps involved for X and Y. Assume that X and Y have no prior link established.

  3. In fact, I am reading a lot of stuff in C, but my focus is to understand this test - http://wiki.ruihan.org/index.php/Coursera_Software_Security/Project1 - but I can't understand all the answers yet. I am learning every day to catch the meaning. I will study harder...
    In question 13 - How can I do input sanitization in that code?
    And 9 - cmp1 and cmp2 - At the beginning they have almost the same code, and after that I don't see cmp1 being repeated.

    Replies
    1. I have not looked into this project before. Therefore, I will require some time to understand this. Moreover, I couldn't correlate your questions to the project.

      Like in Q13 you said. But there is no Q13 in the project. Could you please elaborate more?

  4. Hi,
    can you please explain the code for program 1 to me briefly?
