At OSDI'14 we published our paper on  where we introduce two new security properties that protect programs against control-flow hijack attacks enabled by memory corruption vulnerabilities. The design space in this area is already very cluttered and we use this blog post to highlight the differences between the ...read more
As part of the weekly CTF meetings we discussed some basic stack-based, heap-based, and format string based exploits. For system security challenges these are bread and butter techniques and rely on a huge amount of pre-existing knowledge about operating systems, kernels, process creation, dynamic loading, C programming, stack layouts, and ...read more
An introduction article that explains what symbolic execution is and how it can be chained to trigger vulnerabilities hidden deep inside binaries.read more
Protect your passwords for low-security websites using cryptographic hashes.read more
Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. Low-level languages like C or C++ trade memory safety and type safety for performance: the compiler adds no bound checks and no type ...read more
As you might have heard (or not) YouPorn Chat had a huge information leak on February 21st 2012. One of their servers served a directory with all registration log files from the last couple of years (http://chat.youporn.com/tmp). Apparently this chat server is not serviced by ...
A couple of hours ago I read a post from a friend on Facebook that said "Secret tool shows who stalks your pics". The text was followed by a shortened link (tweet, anyone?). As I opened the link (in an incognito browser window of course) I was greeted by instructions ...read more
« Page 2 / 2