The document discusses dynamic memory allocation in C programs. It explains that programs have different memory sections like the stack, heap, data, and bss. The stack grows downward in memory and is used to store function arguments, local variables, and return addresses. The heap grows upward and is used for dynamic memory allocation via functions like malloc.
Here are some ways to optimize the code:
1. Use strtr() instead of preg_replace() since it avoids the overhead of regular expressions.
2. Define the replacement array outside the loop to avoid redefining it on each iteration.
3. Use direct string concatenation instead of sprintf() for better performance.
4. Avoid function calls inside the loop like sizeof(). Define the length before the loop for better performance.
5. Consider using string replacement/manipulation functions like str_replace() instead of redefining/reconcatenating strings on each loop iteration.
So in summary, the optimized code would be:
$rep = ['-' => '*', '.' => '*
This document discusses using Ansible to configure Dell EMC networking devices running OS10. It includes examples of using Ansible ad-hoc commands to ping devices and retrieve information using the dellos10_command module. It also provides a YAML playbook that creates VLAN 11 on different devices and interfaces and configures BFD between spine switches and the access switch.
The document discusses new features in ECMAScript 6 (ES6) that improve code organization, readability, syntax, and functionality. Key additions include classes, modules, arrow functions, destructuring, default parameter values, rest/spread operators, proxies, symbols, iterators, generators, and promises. While browser and compiler support is still partial, features like classes, modules, arrow functions and let/const are widely adopted. ES6 aims to enhance code quality, control and performance in JavaScript.
The "PHP & Performance" document discusses various techniques to improve PHP and web server performance. Some key points:
- Compilation of PHP scripts can consume significant time, opcode caches like APC reduce this.
- Profiling tools like APD and XDebug help identify bottlenecks in PHP code. Optimizations like output buffering, reducing output, content compression and database tuning can improve performance.
- Server configuration like Apache optimizations for file I/O, syscalls and KeepAlive headers also impact performance. PHP settings like disabling register_globals and using opcaches help.
- Application techniques like avoiding unnecessary functions, using class constants, and reducing regex usage in PHP code provide performance benefits.
Fabric is a Python library and command-line tool that allows users to automate and streamline SSH administration tasks like application deployment or systems administration. It provides functions for executing remote shell commands, uploading/downloading files, and other basic SSH operations. Fabric can be used from Python scripts or via the command line.
Linux commands have a basic structure of [Actual Command] [Source] [Destination] [Key of Acceptance]. The prompt provides the username, hostname, and present working directory. Common Linux commands include cp to copy files from one location to another.
[Altibase] 9 replication part2 (methods and controls)
altistory
The document discusses replication in ALTIBASE HDB. It describes the query processor and storage manager roles in handling SQL statements and data. It then summarizes 6 methods for replicating data between servers and explains that method 5, which converts redo logs to a replayable logical form and sends them, has good replication performance with some conversion expense. The document also provides details on replication objects, conditions for replication tables, and commands for creating, controlling, and cloning replication objects and tables.
The document discusses stack-based buffer overflow vulnerabilities. It begins with an overview of buffer overflows and demonstrates one using the Filecopa FTP server. It explains the stack structure when functions call each other and how a buffer overflow can overwrite the return address on the stack. The document then discusses three methods for finding security bugs: fuzzing, reverse engineering, and source code auditing. It walks through fuzzing the FTP server, determining the vulnerable function through reverse engineering, calculating the offset needed for the instruction pointer, addressing issues of limited space on the stack, and constructing an exploit to gain remote code execution by manipulating the ECX register and jumping to it.
This document provides instructions on installing Linux, including collecting hardware information beforehand, preparing disk partitions, booting from CD-ROM, continuing the installation process by preparing filesystems and installing packages, and basic parts of an installation kit like README files, boot disk images, and the installation CD-ROM. It also covers uninstalling or removing software packages using either the graphical Synaptic tool or command line apt-get commands. Basic Linux commands like mkdir, cd, pwd, rmdir, chown, chmod, ls, and cp are described.
The document discusses how to install, configure, and uninstall the Apache web server on Linux systems. It provides instructions for installing Apache using packages or compiling from source, editing configuration files to set up the server, and different methods for uninstalling Apache including using package managers or manually deleting files. The document also covers Apache configuration directives for the Prefork and Worker MPM modules and gives an overview of Apache filters and how to use them to manipulate HTTP request and response data.
Terraform has changed the way many organizations deploy to the cloud. With a clear configuration language you can manage countless services (providers in Terraform) and ensure they are kept in sync with your deployment needs. Learn how to build out some of the most common patterns and infrastructures against AWS and Google Cloud, and start writing your infrastructure as code today.
http://www.alfresco.com/about/events/ondemand
Watch Richard Im, our prodigy Solutions Engineer, install Alfresco from scratch.
First, doing a custom install, and then, using the Windows installer.
The process will include:
Using the tomcat bundle:
The pros and cons of using the bundle
Custom start up options
Configuring open office connection
Ensuring imagemagick binaries on path
Ensuring pdf2swf
Why these 3 binaries are part of Alfresco.
Configure Alfresco Web Content Management
Configure your database
Configuring CIFS
How you configure ports on Linux
How to configure Alfresco Share remotely
Starting your evaluation of Alfresco Explorer:
- Configuring your own document management scenarios using content models, aspects, rules and actions.
Starting your evaluation of Alfresco Share:
- Creating your own team site so you can start your collaboratin'
And now, doing it all over again!
Except this time with the Windows installer.
This will be a very hands-on webinar. So come prepared to take notes, and do some work yourself.
The document provides instructions for installing and configuring Hadoop, HDFS, YARN, Hive, Pig, Sqoop, HBase and Spark on a single node Linux system. It includes steps for setting environment variables and configuration properties for each component as well as starting relevant services and verifying successful installations.
Ansible 2.0 includes many new features and improvements such as a revamped core, better error handling, improved inheritance models, new strategies, dynamic includes, refreshed inventory, and additional plugins. The document summarizes some of the key new capabilities in Ansible 2.0 and notes that future releases will focus on continued bug fixes, bringing Windows fully out of beta, increased networking support, and improving the community process.
This document provides an overview of setting up an optimal UNIX development environment. It discusses customizing shell functions and aliases, using package managers like Homebrew and Apt to install tools, and configuring Tmux, Vim, and Zsh for productivity. Key tools demonstrated include Htop, Iftop, Grc, Glances, Oh-My-Zsh plugins, and the 'z' command for navigating directories. The document aims to remove boring defaults and make the environment highly usable for developers.
The document provides an overview of basic Linux commands and utilities for PHP developers, including commands for navigating directories (pwd, ls, cd), viewing file contents (cat, less, more), piping output between commands, file redirection, accessing systems via SSH/SCP, managing file permissions (chmod, chown), and more. The document is intended as an introduction to basic "Linux-Fu" or skills for PHP developers working with Linux systems.
This document summarizes a presentation about hacking Ansible to make it more customizable. It discusses how Ansible's plugin system allows it to be extended through modules, filters, lookups, callbacks and caches. Examples are provided of extending Ansible's core functionality by modifying files in the lib directory and writing custom plugins. The presentation also outlines how Ansible's object model works and provides an overview of its growth in modules and plugins over time.
PE Packers Used in Malicious Software - Part 2
amiable_indian
The document discusses techniques for unpacking packed executable (PE) files. It begins by explaining that packed executables must eventually be unpacked in memory to be executed. It then outlines the objectives and steps to manually unpack a PE file, including locating the original entry point, dumping memory to disk, modifying the entry point and import address table. It notes that automation is preferable to manual unpacking. The document also discusses how some packers use tricks like structured exception handling and debugger detection to make unpacking more difficult.
MySQL is an open-source relational database management system that was created to be very fast, reliable and easy to use. The document discusses how to install and configure MySQL, and describes basic data management commands like creating databases and tables, inserting and querying data. The document also covers advantages of MySQL like being multi-threaded and some disadvantages like not supporting stored procedures initially.
Setting up a HADOOP 2.2 cluster on CentOS 6
Manish Chopra
Create your own Hadoop distributed cluster using 3 virtual machines. Linux (CentOS 6 or RHEL 6) can be used, along with Java and Hadoop binary distributions.
This document summarizes some new features in PHP 5.4:
- Array syntax can now be written more concisely using square brackets instead of array functions.
- PHP 5.4 includes a built-in web server for development purposes, allowing PHP scripts to be run without Apache.
- Traits allow sharing of methods across classes to reduce code duplication, similar to mixins in Ruby.
- Closures now support accessing properties of the enclosing class scope via $this.
How to Save, backup and restore IOS on Cisco router
tcpipguru
This document provides instructions for saving, backing up, and restoring configurations on a Cisco 1751 router. It describes how to save the running configuration to the startup configuration, backup the running configuration to a TFTP server, and restore a running configuration stored on a TFTP server. The TFTP server IP address is 192.168.1.15. To backup the configuration, the router copies the running configuration file to the TFTP server and names it "run-config backup". To restore, it copies the "run-config" file from the TFTP server to the router's running configuration.
SecZone 2011 - Cali, Colombia
(29th Nov. 2011)
SAP (in)security:
Scrubbing SAP clean with SOAP
------
Note
------
This is a slightly updated version of my Hashdays 2011 talk.
----------
Abstract:
----------
At the heart of any large enterprise, lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many "red pen" items on penetration tests and audits alike... but no more! We will no longer accept the cries of "Business critical, out-of-scope". The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it's our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It's time to scrub this SAP system clean with SOAP!
----------
Mercurial is a decentralized version control system with a simple design and high performance. It uses a graph model to represent the history of commits, with each commit having a unique identifier and references to its parent commits. Basic operations in Mercurial include checking out revisions, making commits on branches, and pulling/pushing changes between repositories to share work. Mercurial avoids problems like multiple branch heads through its branching model and by disallowing amendments to existing commits.
This document provides an overview of Flask-SQLAlchemy, which is an extension for Flask that adds support for SQLAlchemy to Flask applications. It covers basics like setting up a Flask-SQLAlchemy application, defining models, and performing CRUD operations. It also discusses more advanced topics like relationships between models, using the ORM vs manual mapping, and using the underlying SQLAlchemy API. The document includes numerous code examples to illustrate the concepts.
The document provides an overview of building Apache modules. It discusses Apache's request handling process, memory handling, and module architecture. The module architecture section describes how to structure an Apache module, including necessary includes, the module name, definition, commands (options), and configuration. It also covers registering hooks, initialization, creating new configuration directives, and logging.
Exploring Async PHP (SF Live Berlin 2019)
dantleech
(note slides are missing animated gifs and video)
As PHP programmers we are used to waiting for network I/O; in general we may not even consider any other option. But why wait? Why not jump on board the Async bullet-train, experience life in the fast lane and give Go and NodeJS a run for their money? This talk will aim to make the audience aware of the benefits, opportunities, and pitfalls of asynchronous programming in PHP, and guide them through the native functionality, frameworks and PHP extensions through which it can be facilitated.
The document provides information about a reversing and malware analysis training program. It begins with a disclaimer stating that the views expressed are solely those of the trainer and not the company. It then acknowledges those who supported the training program. It states that the presentation is part of a reversing and malware analysis training program currently only offered locally for free. It introduces the two trainers and provides their backgrounds and contact information. It outlines topics that will be covered including x86 assembly, instructions, stack operations, and calling conventions. It notes that a demonstration will be included.
The document discusses stack buffer overflows in Linux. It explains how functions use the stack, with arguments and return addresses pushed onto the stack. A stack buffer overflow occurs when a program writes past the end of a fixed-length buffer on the stack. This can overwrite the return address, allowing arbitrary code execution. The document demonstrates this by having a program read user input into a buffer without bounds checking. Entering more data than the buffer size crashes the program by overwriting the return address. This vulnerability can be exploited to gain control of a program's execution flow.
Various tricks for remote Linux exploits by Seok-Ha Lee (wh1ant)
CODE BLUE
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exist ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge of the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in the target remote process. In a Linux environment, forked child processes will inherit the already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout.
Probing to see if a given address is a valid memory address in the context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded in memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the minimal number of required attempts is significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
This chapter discusses stack overflows in Linux. It explains buffers, the stack, functions and how the stack is used. It shows how a stack buffer overflow can be exploited by overwriting the return address on the stack to redirect program flow. The document demonstrates this by having a program read user input into a buffer without bounds checking, allowing input longer than the buffer to overwrite the return address and cause a crash. gdb is used to debug the program and examine the stack.
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S18.shtml
This document provides an introduction to basic assembly concepts for reverse engineering including the stack, registers, calling conventions, common operations, and recognizing common constructs like function prologues and epilogues, loops, and switch statements. It explains the stack and how it is used to pass arguments and hold local variables. It also outlines some key registers and their uses as well as basic operations like mov, add, cmp, and jcc.
The document discusses the stack and buffer overflows. It provides an overview of registers, the stack, calling conventions, and buffer overflows. It explains how buffer overflows can corrupt local variables or overwrite the return pointer. The document shows how to craft payloads to exploit buffer overflows by overwriting values on the stack, such as changing a variable or calling a function directly.
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_F19.shtml
This document provides an overview of x86 assembly language and the GNU Debugger (GDB). It describes the process of creating an executable file from source code using preprocessing, compilation, assembly and linking. It also covers x86 registers, common instructions like MOV, PUSH, CALL and RET. The document introduces Intel and AT&T syntax and system calls. Finally, it outlines basic operations and commands in GDB like breaking, running, examining memory and registers.
A college lecture at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
This document discusses return oriented programming (ROP) as a technique for exploiting buffer overflows. It explains that on x86, the return address is stored on the stack, so by overflowing a buffer an attacker can control program flow. It then describes different ROP techniques like calling library functions or using "gadgets" that end in return to chain together snippets of code to achieve objectives like executing a shell.
An introduction to exploit development.
I gave this talk at Hack the North 2014, and most of this information is pulled out of classics like Smashing the Stack for Fun and Profit, so there shouldn't be anything novel in here.
Lecture slides that I used in Advanced Information Security Summer School (AIS3, 2016 & 2018) in Taiwan. https://ais3.org/
Lecture materials used in the lectures of Taiwan's advanced security talent development program (AIS3, 2016/2018).
The document discusses various techniques for exploiting buffer overflows to bypass data execution prevention (DEP) protections, including return-oriented programming (ROP). It describes using Windows API functions like VirtualAlloc to allocate executable memory and copy shellcode. ROP gadgets can be used to craft the stack and call the API functions with the correct parameters, such as allocating memory at a given address and size and marking it executable. The document provides an example stack layout to call VirtualAlloc and memcpy to allocate and copy shellcode into executable memory to bypass DEP.
The Y86 architecture has 8 32-bit registers, 3 condition codes (ZF, SF, OF), a program counter (PC), and up to 4GB of memory. It supports normal, register, and displacement addressing modes. Instructions include arithmetic, logical operations, jumps, calls, returns, and memory load/store. The execution cycle fetches, decodes, executes, and updates the PC for each instruction. Condition codes track the results of arithmetic operations for conditional jumps.
A humble introduction to ROP chaining basics. The ppt deals with what is ROP. It builds the basics by introducing basics of buffer overflow and then talks about ROPs and why they are needed. It also has animated videos to help understand the layout of the stack clearly.
The document provides an overview of buffer overflow vulnerabilities including:
1) It explains how buffer overflows work by writing more data to a buffer than it was allocated to hold, overwriting adjacent memory.
2) An example is given of a function that is vulnerable to buffer overflow by copying user input into a fixed-size buffer without checks.
3) It shows how by passing too much input data, the buffer can be overflown and the return address on the stack overwritten to point to the injected data instead of the intended return location.
The document discusses analyzing malicious Word documents that use obfuscated macros. It notes that the Emotet malware has been using such Word documents to download executable payloads via PowerShell scripts. It provides information on how macros are stored in older vs. newer Word file formats. It then lists and describes several tools that can be used to extract macros from Word documents, including oledump and oletools. It highlights that olevba can extract and analyze VBA macro source code. Finally, it mentions that macros may contain unused code, junk code, obfuscation, and replaced strings, with the PowerShell code being used for downloading payloads via obfuscated URLs, and that the Visual Basic for Applications Editor can be used
My #hacktrickconf presentation about Joshua Drake's Stagefright vulnerability.
This is the English version of my presentation:
http://www.slideshare.net/oguzhantopgul/androidin-yeni-kabusu-medya-dosyalari-media-files-androids-new-nightmare-52578473
I tried to explain the details of CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution vulnerability
3. DYNAMIC MEMORY ALLOCATION
CPU REGISTERS
▸ EIP: Instruction Pointer - Next instruction to be executed
▸ ESP: Stack Pointer - Top of the stack
▸ EBP: Base Pointer - Base of the current stack frame
▸ EAX: Accumulator Register - Generally holds the return value
▸ EBX: Base Register - Generally used to address memory
▸ ECX: Counter Register - Generally used in shift, rotate instructions and loops
▸ EDX: Data Register - Generally used in arithmetic and I/O operations
▸ ESI: Source Index Register
▸ EDI: Destination Index Register
5. DYNAMIC MEMORY ALLOCATION
PROGRAM MEMORY
[Figure: program memory layout, from low memory address to high memory address: .TEXT, .DATA, .BSS, HEAP, STACK]
.DATA
- a.k.a. initialized data
- global variables with a pre-defined value
- static variables with a pre-defined value within functions; a static keeps its value between invocations
#include <stdio.h>

void foo()
{
    int a = 10;         /* automatic variable: on the stack, re-initialized on every call */
    static int sa = 10; /* static variable: in .DATA, initialized once, keeps its value */
    a += 5;
    sa += 5;
    printf("a = %d, sa = %d\n", a, sa);
}

int main()
{
    int i;
    for (i = 0; i < 10; ++i)
        foo();
    return 0;
}
Output:
a = 15, sa = 15
a = 15, sa = 20
a = 15, sa = 25
a = 15, sa = 30
a = 15, sa = 35
a = 15, sa = 40
a = 15, sa = 45
a = 15, sa = 50
a = 15, sa = 55
a = 15, sa = 60
6. DYNAMIC MEMORY ALLOCATION
PROGRAM MEMORY
[Figure: the same program memory layout (.TEXT, .DATA, .BSS, HEAP, STACK, low to high memory address), .BSS highlighted]
.BSS
- a.k.a. uninitialized data
- global variables without a pre-defined value
- static variables without a pre-defined value within functions
7. DYNAMIC MEMORY ALLOCATION
PROGRAM MEMORY
[Figure: the same program memory layout (.TEXT, .DATA, .BSS, HEAP, STACK, low to high memory address), HEAP highlighted]
HEAP
- grows low -> high
- managed with malloc, calloc, realloc, free
- shared by all threads, shared libraries and dynamically loaded modules of the process
8. DYNAMIC MEMORY ALLOCATION
PROGRAM MEMORY
[Figure: the same program memory layout (.TEXT, .DATA, .BSS, HEAP, STACK, low to high memory address), STACK highlighted]
STACK
- LIFO
- On x86, the stack grows higher -> lower
- What is stored on the stack (together these make up a stack frame):
  - function arguments
  - local variables
  - function return address
- PUSH adds to the top, POP removes from the top
9. DYNAMIC MEMORY ALLOCATION
#include <stdio.h>
#include <stdlib.h>

void foo(int arg);

int x = 20;             /* initialized global: .DATA */
int y;                  /* uninitialized global: .BSS */

int main()
{
    char buf[5];        /* local array: STACK */
    int i;
    for (i = 0; i < 10; ++i)
        foo(15);
    return 0;
}

void foo(int arg)       /* arg is passed on the STACK */
{
    int a = 10;         /* local variable: STACK */
    static int sa = 10; /* static with initializer: .DATA */
    sa += 5;
    int *p = malloc(10 * sizeof(int)); /* dynamically allocated block: HEAP */
    printf("sa = %d\n", sa);
    free(p);
}
PROGRAM MEMORY
[Figure: program memory layout (.TEXT, .DATA, .BSS, HEAP, STACK, low to high memory address) annotated with where each variable above lives]
11. DYNAMIC MEMORY ALLOCATION
STACK
- Stack Pointer (SP, ESP) tracks the top of the stack (the last address on the stack)
  - changes during execution (PUSH & POP)
- Base Pointer (BP, EBP), a.k.a. Frame Pointer (FP), shows the bottom of the current stack frame
  - fixed while the function executes
  - local variables and arguments are referenced by their offset from EBP
[Figure: one stack frame, high memory address at the top, low memory address at the bottom]
  EBP + 12   ARG 2
  EBP + 8    ARG 1
  EBP + 4    RETURN ADDR
  EBP        saved EBP (the caller's frame pointer)
  EBP - 4    LOCAL VAR 1
  EBP - 8    LOCAL VAR 2   <- ESP
12. DYNAMIC MEMORY ALLOCATION
STACK
[Figure: stack diagram (low to high memory address) that the following slides animate; before the call only main's saved frame pointer (EBP - MAIN) is on the stack, and ESP points at it]
void function(int a, int b, int c);

int main()
{
    function(1,2,3);
}

void function(int a, int b, int c)
{
    char buffer1[5];
}
Disassembly (32-bit build; the __x86.get_pc_thunk.ax calls come from position-independent code):
<function>:
push ebp
mov ebp,esp
sub esp,0x10
call 11ba <__x86.get_pc_thunk.ax>
add eax,0x2e6c
nop
leave
ret
<main>:
push ebp
mov ebp,esp
call 11ba <__x86.get_pc_thunk.ax>
add eax,0x2e5c
push 0x3
push 0x2
push 0x1
call 1189 <function>
add esp,0xc
nop
leave
ret
Stack state: EBP - MAIN <- ESP
13. DYNAMIC MEMORY ALLOCATION
[Figure: same code and disassembly as slide 12; after push 0x3 the stack holds EBP - MAIN, ARG 3; ESP -> ARG 3]
14. DYNAMIC MEMORY ALLOCATION
[Figure: after push 0x2: EBP - MAIN, ARG 3, ARG 2; ESP -> ARG 2]
15. DYNAMIC MEMORY ALLOCATION
[Figure: after push 0x1: EBP - MAIN, ARG 3, ARG 2, ARG 1; ESP -> ARG 1]
16. DYNAMIC MEMORY ALLOCATION
[Figure: call 1189 <function> is PUSH EIP; JMP function: the RETURN ADDR (the address of the instruction after the call) is pushed; stack: EBP - MAIN, ARG 3, ARG 2, ARG 1, RETURN ADDR; ESP -> RETURN ADDR]
17. DYNAMIC MEMORY ALLOCATION
[Figure: function's prologue push ebp saves main's frame pointer; this slot becomes function's frame base (EBP - FUNCTION); stack: EBP - MAIN, ARG 3, ARG 2, ARG 1, RETURN ADDR, EBP - FUNCTION; ESP -> EBP - FUNCTION]
18. DYNAMIC MEMORY ALLOCATION
[Figure: after mov ebp,esp and sub esp,0x10, the complete frame of function with offsets from EBP:]
  EBP + 16   ARG 3
  EBP + 12   ARG 2
  EBP + 8    ARG 1
  EBP + 4    RETURN ADDR
  EBP        EBP - MAIN (saved frame pointer of main)   <- EBP - FUNCTION
  EBP - 4    local variables (buffer1 lives in this 16-byte area)
  EBP - 8
  EBP - 12
  EBP - 16   <- ESP
19. DYNAMIC MEMORY ALLOCATION
[Figure: leave and ret tear the frame down: restore the allocated memory (mov esp,ebp), POP EBP, POP RETURN ADDR, JMP RETURN ADDR; stack: EBP - MAIN, ARG 3, ARG 2, ARG 1, RETURN ADDR; ESP -> RETURN ADDR]
20. DYNAMIC MEMORY ALLOCATION
[Figure: after ret the return address has been popped: EBP - MAIN, ARG 3, ARG 2, ARG 1; ESP -> ARG 1]
21. DYNAMIC MEMORY ALLOCATION
[Figure: main's add esp,0xc discards the three arguments: only EBP - MAIN remains; ESP -> EBP - MAIN]
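A small model of the call sequence on slides 12 to 21, added here as an example and not code from the slides: it replays main() -> function(1,2,3) on a simulated 32-bit cdecl stack and reports where each item lands relative to EBP, plus how far the lowest local is from the return address. The stack address, the return address 0x11d0, and the struct and function names are constructed (only 0x1189 for function is taken from the disassembly).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 32-bit x86 stack; the addresses are constructed for the example. */
#define STACK_BYTES 128
#define STACK_TOP   0xbffff000u
#define STACK_LOW   (STACK_TOP - STACK_BYTES)

typedef struct {
    uint8_t  mem[STACK_BYTES];   /* mem[0] models the byte at address STACK_LOW */
    uint32_t esp, ebp, eip;
} cpu_t;

static uint8_t *slot(cpu_t *c, uint32_t addr) { return &c->mem[addr - STACK_LOW]; }

static void push32(cpu_t *c, uint32_t v) {   /* PUSH: ESP -= 4, then store at ESP */
    c->esp -= 4;
    memcpy(slot(c, c->esp), &v, 4);
}
static uint32_t read32(cpu_t *c, uint32_t addr) {
    uint32_t v;
    memcpy(&v, slot(c, addr), 4);
    return v;
}
static uint32_t pop32(cpu_t *c) {            /* POP: load from ESP, then ESP += 4 */
    uint32_t v = read32(c, c->esp);
    c->esp += 4;
    return v;
}
/* Caller side (slides 13-16): push args right to left, then CALL = PUSH EIP; JMP. */
static void call_function(cpu_t *c, uint32_t target, uint32_t ret_addr, int a, int b, int k) {
    push32(c, (uint32_t)k);    /* push 0x3  -> ARG 3 */
    push32(c, (uint32_t)b);    /* push 0x2  -> ARG 2 */
    push32(c, (uint32_t)a);    /* push 0x1  -> ARG 1 */
    push32(c, ret_addr);       /* call      -> RETURN ADDR (address after the call) */
    c->eip = target;
}
/* Callee prologue (slides 17-18): push ebp; mov ebp,esp; sub esp,frame_bytes */
static void prologue(cpu_t *c, uint32_t frame_bytes) {
    push32(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= frame_bytes;
}
/* Callee epilogue (slides 19-20): leave (mov esp,ebp; pop ebp) then ret (pop eip) */
static void epilogue(cpu_t *c) {
    c->esp = c->ebp;
    c->ebp = pop32(c);
    c->eip = pop32(c);
}
/* Bytes from a local at EBP - local_off up to the RETURN ADDR slot at EBP + 4: a write
 * longer than this that starts at the local runs over the saved EBP and the return address. */
static uint32_t bytes_to_return_addr(const cpu_t *c, uint32_t local_off) {
    return (c->ebp + 4) - (c->ebp - local_off);
}
/* Replays main() -> function(1,2,3) up to the end of function's prologue. */
static cpu_t run_slide_trace(void) {
    cpu_t c = { .esp = STACK_TOP, .ebp = STACK_TOP, .eip = 0x1000 };
    prologue(&c, 0);                              /* main: push ebp; mov ebp,esp */
    call_function(&c, 0x1189, 0x11d0, 1, 2, 3);   /* 0x11d0 is a constructed return address */
    prologue(&c, 0x10);                           /* function: ... sub esp,0x10 */
    return c;
}

int main(void) {
    cpu_t c = run_slide_trace();
    printf("ARG1 @EBP+8=%u ARG2 @EBP+12=%u ARG3 @EBP+16=%u RET @EBP+4=0x%x ESP=EBP-%u\n",
           read32(&c, c.ebp + 8), read32(&c, c.ebp + 12), read32(&c, c.ebp + 16),
           read32(&c, c.ebp + 4), c.ebp - c.esp);
    printf("a local at EBP-16 is %u bytes below the return address\n", bytes_to_return_addr(&c, 16));
    epilogue(&c);
    c.esp += 0xc;                                 /* main: add esp,0xc discards the args */
    printf("after leave/ret: EIP=0x%x, ESP back at EBP-MAIN: %d\n", c.eip, c.esp == c.ebp);
    return 0;
}
```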
44. DYNAMIC MEMORY ALLOCATION
BUFFER OVERFLOW
#include <string.h>

int main()
{
    char large_string[256];
    int i;
    for(i = 0; i < 255; i++)
        large_string[i] = 'A';
    char buffer[16];
    strcpy(buffer, large_string);   /* copies 255+ bytes into a 16-byte buffer: no bound check */
}
#include <stdio.h>

int main(int argc, char **argv)
{
    char buffer[16];
    gets(buffer);                   /* gets() reads until newline, however long the line is */
}
▸ What happens if you fill the buffer with user input?
▸ The user can enter input longer than 16 bytes
45. DYNAMIC MEMORY ALLOCATION
BUFFER OVERFLOW
[Figure: the stack after the unbounded copy. At the high end is main's frame (EBP - MAIN, ECX, a 32-bit value 0x000000ff, and large_string drawn as rows of 0x41 bytes); below it the callee's frame (EBP - FUNCTION, EBX, RETURN ADDR, ADDRESS OF LARGE_STRING, 16 BYTE BUFFER). The 0x41 bytes run past the 16-byte buffer, over the saved registers, and RETURN ADDR now holds the address of the USER CODE carried inside the same input.]
▸ Overwrite the return address
▸ Change the program flow
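Added example, not from the slides: the two unbounded calls on slide 44 (strcpy into buffer[16] and gets) next to bounded replacements that cannot write past the buffer and report truncation to the caller instead of silently corrupting the stack. The function names and the sample input are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* the same 16-byte buffer as on the slide */

/* Bounded replacement for strcpy(buffer, large_string): never writes more than
 * dstsize bytes, always NUL-terminates dst, and returns false instead of
 * overflowing when src (including its terminating NUL) does not fit. */
static bool copy_bounded(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0) return false;
    const char *nul = memchr(src, '\0', dstsize);   /* inspect at most dstsize bytes */
    if (nul == NULL) {                               /* no terminator within the limit */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);       /* text plus its NUL */
    return true;
}

/* Bounded replacement for gets(buffer): fgets stops after bufsize-1 characters.
 * If the line did not fit, the rest of it is drained so the next read starts on
 * the next line, and false tells the caller the input was truncated. */
static bool read_line_bounded(char *buf, size_t bufsize, FILE *in) {
    if (bufsize == 0 || fgets(buf, (int)bufsize, in) == NULL) {
        if (bufsize) buf[0] = '\0';
        return false;                                /* EOF or error: nothing read */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                         /* whole line fit: strip newline */
        return true;
    }
    int ch = fgetc(in);
    if (ch == EOF || ch == '\n') return true;        /* line fit exactly */
    while ((ch = fgetc(in)) != EOF && ch != '\n') {} /* overlong line: discard the rest */
    return false;
}

/* Turns a constructed string into a readable stream so the demo runs offline. */
static FILE *stream_from(const char *text) {
    FILE *f = tmpfile();
    if (f) { fputs(text, f); rewind(f); }
    return f;
}

int main(void) {
    char large_string[256];                          /* the slide's 255 'A' bytes */
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    char buffer[BUF_SIZE];

    printf("copy 255 bytes into 16: %s\n",
           copy_bounded(buffer, sizeof buffer, large_string) ? "ok" : "rejected");
    printf("copy \"hello\" into 16: %s -> \"%s\"\n",
           copy_bounded(buffer, sizeof buffer, "hello") ? "ok" : "rejected", buffer);

    /* constructed input: a 24-byte line (longer than the buffer), then a short line */
    FILE *in = stream_from("AAAAAAAAAAAAAAAAAAAAAAAA\nshort\n");
    if (in) {
        bool ok = read_line_bounded(buffer, sizeof buffer, in);
        printf("line 1: %s, buffer=\"%s\"\n", ok ? "fit" : "truncated", buffer);
        ok = read_line_bounded(buffer, sizeof buffer, in);
        printf("line 2: %s, buffer=\"%s\"\n", ok ? "fit" : "truncated", buffer);
        fclose(in);
    }
    return 0;
}
```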