As part of ESSoS ‘17 we have organized a joint ESSoS/DIMVA panel on exploit mitigations, discussing the past, present, and future of mitigations. If we look at the statistics of reported memory corruptions we see an upward trend in the number of reported vulnerabilities. Given the success of contests such …
SyScan+360 in Seattle
Just a couple of days after Oakland '17 I attended my next information security conference. This year, SyScan+360 was in Seattle and I used the time between Oakland and SyScan for a nice road trip from San Jose to Seattle. SyScan is not an academic but an industry conference …
Oakland'17, the IEEE Symposium on Security and Privacy
Every year, the Oakland conference is one of the highlights of security research. As likely the most competitive of the big four conferences, Oakland is always a great place to sync up with friends and learn about new trends in security (then again, being in the PC committees for most …
AsiaCCS'17 in Abu Dhabi
This was my second AsiaCCS. After an interesting experience in China last year, this year's AsiaCCS was in the United Arab Emirates (UAE) in Abu Dhabi. My program for this conference was quite packed. Two of my students had presentations, Daniele Midi's nesCheck work and Scott Carr's selective memory safety …
33C3 CTF: Fun times
pdfmaker (75 points)
The first challenge I tried was pdfmaker. Surprisingly, I spent way too much time on this simple starter challenge. I initially planned to use this challenge as a warm-up but ended up spending about 10 hours on it, mostly due to me overlooking simpler solutions that are …
TUM CTF: boot2brainfuck
According to the description, hxp provides us with a brainfuck (BF) execution service where we can send BF programs over netcat and execute them. To help, they provide us with a script that translates BF programs into a DOS 16-bit COM executable.
Now as a reminder, DOS COM executables are …
AMD SEV attack surface: a tale of too much trust
AMD recently announced the new Secure Encrypted Virtualization (SEV) extension that intends to protect virtual machines against compromised hypervisors/Virtual Machine Monitors (VMMs). An intended use-case of SEV is to protect a VM against a malicious cloud provider. All memory contents are encrypted and the cloud provider cannot recover any …
Control-Flow Integrity: An Introduction
At a high level, Control-Flow Integrity (CFI) restricts the control-flow of an application to valid execution traces. CFI enforces this property by monitoring the program at runtime and comparing its state to a set of precomputed valid states. If an invalid state is detected, an alert is raised, usually terminating …
AsiaCCS and China
The last three weeks I've been traveling through China, Hong Kong, and Macau on an interesting security tour thanks to this year's AsiaCCS being held in Xi'an, China. AsiaCCS was right after Oakland, so I flew directly from San Francisco to Xi'an, China and then continued to visit friends at …
Oakland from a system security perspective
This year's Oakland (the IEEE Symposium on Security and Privacy, formerly held in Oakland, California) has been a wild ride. Just a little more than a week before Oakland I was in the Bay Area at the Usenix Security PC meeting at Google in Mountain View, talking to many folks …