June 22nd, 2008 Anthony Towry
The team over at Remote-Exploit.org have finalized version 3 of their amazingly useful and ever popular Linux security LiveCD, Backtrack. If you've been hanging around security folks very long you're probably familiar with the capabilities of this distribution. If you haven't checked it out, this is a great time to jump into it. Take a look at the new ISO at http://www.remote-exploit.org.
Thanks for all the hard work Remote-Exploit.org guys!
Posted in Operating Systems, Security | No Comments »
March 15th, 2008 Anthony Towry
The Mono Project has recently reached a major milestone with it's release of Mono 2.0 Beta. The new beta of the framework supports .Net 2.0 and some preview support of 3.5 functionality. This is a pretty incredible project when you stop to think about it.
Read the rest of this entry »
Posted in Programming | No Comments »
February 6th, 2008 Anthony Towry
In this episode of The Decision, I cover some of the issues that people run into as they start experimenting and exploring stack-based buffer overflows on Linux. Stack smashing is an interesting and rewarding exercise for security enthusiasts. It perfectly illustrates the idea of what can go wrong when trusting user input.
Hopefully with a handful of tips on the "gotchas" we can make it a bit less frustrating at the start. Read the rest of this entry »
Issues With Stack Smashing [36:03m]:
Play Now |
Play in Popup |
Download (157)
Posted in Podcast | No Comments »
November 17th, 2007 Anthony Towry
I recently started looking back into programming IA-32 ASM using nasm on Linux and came across a hell of a book written by a former professor at Carleton University in Ontario. What's peculiar about this book is that it spends a good 100 pages banging out hardware nuances to the reader, then as soon as you get going into some of the ASM stuff it provides the reader with a sweet macro file for the day-to-day coding. It's always interesting to see what certain instructors find important.
I've looked at Linux assembly before so a lot of what is contained in the macros isn't all that surprising, but I wonder if using the file from the beginning will make my prior knowledge jell-0 before the day's out. Moreover, I wonder if it's going to hurt me when I start looking at what I care about (deadlistings of malware/sploits/etc.).
At any rate, I figure I'll give the late Prof. Dandamudi's way of learning a try. Check out his sweet macro file and other material here.
Posted in Uncategorized | No Comments »
October 31st, 2007 Anthony Towry
Today on bugtraq Michal Zalewski , a noted security researcher who pounds out some pretty cool tools, posted a new fuzzer for the C language. Bunny the Fuzzer is available through Google Code.
So, if you know me personally, you know that lately I've been pretty drawn to fuzzing and Read the rest of this entry »
Posted in Security, Testing | No Comments »
