Posts

C++ Memory Corruption (std::string) - part 4

Summary This is the next part of the C++ memory corruption series*. In this post, we'll look at corrupting the std::string object in Linux and see what exploitation primitives we can gain. * https://blog.infosectcbr.com.au/2020/08/c-memory-corruption-part-1.html * https://blog.infosectcbr.com.au/2022/01/c-memory-corruption-stdvector-part-2.html * https://blog.infosectcbr.com.au/2022/03/c-memory-corruption-stdlist-part-3.html Author: Dr Silvio Cesare Introduction C++ is a common language for memory corruption. However, there is much more literature on exploiting C programs than C++ programs. C++ presents new classes, objects, and data structures which can all be effectively used for building exploitation primitives. In this post, we'll look at corrupting the std::string class and see what specific primitives we can obtain. std::string We note that the object stored in memory for a basic string consists firstly of the backing pointer to the string contents. Se

C++ Memory Corruption (std::list) - part 3

Summary This is the 3rd part of the C++ memory corruption series*. In this post, we'll look at corrupting the std::list class in Linux and see what exploitation primitives we can gain. We'll see that we can build arbitrary read/write primitives. * https://blog.infosectcbr.com.au/2020/08/c-memory-corruption-part-1.html * https://blog.infosectcbr.com.au/2022/01/c-memory-corruption-stdvector-part-2.html Author: Dr Silvio Cesare Introduction C++ is a common language for memory corruption. However, there is much more literature on exploiting C programs than C++ programs. C++ presents new classes, objects, and data structures which can all be effectively used for building exploitation primitives. In this post, we'll look at the std::list class and see what specific primitives we can obtain. Let's start by looking at /usr/include/c++/10/bits/stl_list.h /// Common part of a node in the %list. struct _List_node_base { _List_node_base * _M_next; _L

InfoSect announces HackerChix edition - training opportunities for women

InfoSect has long been a supporter of increasing the number of women in the cyber security industry, particularly in the technical streams. HackerChix was established by the InfoSect founders in 2017 to provide a community of women to support and encourage one another. It has been a regular staple of BSides Canberra every year and has resumed monthly meetings on the 2nd Monday of every month. We wanted to do more, so InfoSect has partnered with the Australian Signals Directorate (ASD) to offer a suite of its courses in 2022. The courses will be heavily subsidised for participants who identify as women. Three of our most popular courses will be taught by women, for women: Reverse Engineering, Code Review and Network Security. The courses will be facilitated by Kylie McDevitt. Kylie has worked in technology for 22 years, the last 13 of them in cyber security research and development. She has taught cyber security courses at UNSW Canberra and at 0xCC for the past 5 years

C++ Memory Corruption (std::vector) - part 2

Summary This is the 2nd part of the C++ memory corruption series*. In this post, we'll look at corrupting the std::vector class in Linux and see what exploitation primitives we can gain. We'll see that we can build arbitrary read/write primitives. * https://blog.infosectcbr.com.au/2020/08/c-memory-corruption-part-1.html Author: Dr Silvio Cesare Introduction C++ is a common language for memory corruption. However, there is much more literature on exploiting C programs than C++ programs. C++ presents new classes, objects, and data structures which can all be effectively used for building exploitation primitives. In this post, we'll look at the std::vector class and see what specific primitives we can obtain. Let's start by looking at /usr/include/c++/bits/stl_vector.h namespace std _GLIBCXX_VISIBILITY ( default ) { _GLIBCXX_BEGIN_NAMESPACE_VERSION _GLIBCXX_BEGIN_NAMESPACE_CONTAINER /// See bits/stl_deque.h's _Deque_base for an explanation. template < typename

InfoSect Training Demographics for 2021

InfoSect is an Australian-based computer security training company that started in 2016, offering professional training from the end of 2018. In 2021 we had the following courses on offer: Reverse Engineering, Code Review, Linux Heap Exploitation, Browser (JS Engine) Exploitation and IoT Security. InfoSect teaches both in-person (COVID-19 permitting) and live, interactive online training options and keeps class sizes low. The following are the demographics of our course offerings for 2021, taken from course booking details and post-course surveys. Geography InfoSect was traditionally a local training company, but opened itself up to international training in 2020 when we began offering live, online training delivery. In 2021 InfoSect's overseas students made up just under 20% of its trainings. The graph below shows a breakdown of the continents in which the students were located. It is apparent that we are still primarily an Australian training company. Delivery Format In 2020 InfoSect began