Showing posts from January, 2022

C++ Memory Corruption (std::vector) - part 2

Summary

This is the 2nd part of the C++ memory corruption series*. In this post, we'll look at corrupting the std::vector class in Linux and see what exploitation primitives we can gain. We'll see that we can build arbitrary read/write primitives.

* Author: Dr Silvio Cesare

Introduction

C++ is a common language for memory corruption. However, there is much more literature on exploiting C than C++ programs. C++ presents new classes, objects, and data structures which can all be effectively used for building exploitation primitives.

In this post, we'll look at the std::vector class and see what specific primitives we can obtain.

Let's start by looking at /usr/include/c++/bits/stl_vector.h

namespace std _GLIBCXX_VISIBILITY(default)
{
_GLIBCXX_BEGIN_NAMESPACE_VERSION
_GLIBCXX_BEGIN_NAMESPACE_CONTAINER

/// See bits/stl_deque.h's _Deque_base for an explanation.
template<typename

InfoSect Training Demographics for 2021

InfoSect is an Australian-based computer security training company that started in 2016, offering professional training from the end of 2018.

In 2021 we had the following courses on offer:

Reverse Engineering
Code Review
Linux Heap Exploitation
Browser (JS Engine) Exploitation
IoT Security

InfoSect teaches both in-person (COVID-19 permitting) and live, interactive online training options and keeps low class sizes.

The following are the demographics of our course offerings for 2021, taken from course booking details and post-course surveys.

Geography

InfoSect was traditionally a local training company, but opened itself up to international training in 2020 when we began offering live, online training delivery. In 2021 InfoSect's overseas students made up just under 20% of its trainings.

The below graph shows a breakdown of the continent in which the students were located. It is apparent that we are still primarily an Australian training company.

Delivery Format

In 2020 InfoSect began