home.social
Sign in Create account

#aslr — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #aslr, aggregated by home.social.

  1. alip @[email protected] ·

    #gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: man.exherbo.org/syd.7.html#Enf #exherbo #linux #security

    #gvisor #aslr #sydbox #linux #kernel #hardenedbsd
  2. alip @[email protected] ·

    #gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: man.exherbo.org/syd.7.html#Enf #exherbo #linux #security

    #gvisor #aslr #sydbox #linux #kernel #hardenedbsd
  3. alip @[email protected] ·

    #gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: man.exherbo.org/syd.7.html#Enf #exherbo #linux #security

    #gvisor #aslr #sydbox #linux #kernel #hardenedbsd
  4. alip @[email protected] ·

    #gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: man.exherbo.org/syd.7.html#Enf #exherbo #linux #security

    #security #exherbo #hardenedbsd #kernel #linux #sydbox
  5. alip @[email protected] ·

    #gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: man.exherbo.org/syd.7.html#Enf #exherbo #linux #security

    #gvisor #aslr #sydbox #linux #kernel #hardenedbsd
  6. Alexandre Borges @[email protected] ·

    No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE;

    modzero.com/en/blog/no-leak-no

    #exploitation #cve #rce #rop #aslr #arm #iot

    #exploitation #cve #rce #rop #aslr #arm
  7. Alexandre Borges @[email protected] ·

    No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE;

    modzero.com/en/blog/no-leak-no

    #exploitation #cve #rce #rop #aslr #arm #iot

    #exploitation #cve #rce #rop #aslr #arm
  8. Alexandre Borges @[email protected] ·

    No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE;

    modzero.com/en/blog/no-leak-no

    #exploitation #cve #rce #rop #aslr #arm #iot

    #exploitation #cve #rce #rop #aslr #arm
  9. Alexandre Borges @[email protected] ·

    No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE;

    modzero.com/en/blog/no-leak-no

    #exploitation #cve #rce #rop #aslr #arm #iot

    #iot #arm #aslr #rop #rce #cve
  10. Alexandre Borges @[email protected] ·

    No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE;

    modzero.com/en/blog/no-leak-no

    #exploitation #cve #rce #rop #aslr #arm #iot

    #exploitation #cve #rce #rop #aslr #arm
  11. Habr @[email protected] ·

    Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi
  12. Habr @[email protected] ·

    Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi
  13. Habr @[email protected] ·

    Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi
  14. Habr @[email protected] ·

    Как системщику остаться в живых: харденинг, который не убьет ваш перфоманс

    Здравствуйте, меня зовут Анна Мелехова. Я старший архитектор в отделе развития архитектуры KasperskyOS. В статье я хочу поделиться практическим опытом системной разработки, которой я занималась сначала в проекте по виртуализации, а теперь в «Лаборатории Касперского», где мы делаем микроядерную операционную систему с повышенными требованиями к безопасности – KasperskyOS . Когда вы работаете в такой среде, быстро понимаете: харденинг – это не красивые галочки в чек-листе, а набор очень конкретных, очень практических решений, которые должны и защищать, и минимально снижать производительность. О них я и расскажу, а в конце дам личный топ самых полезных харденингов, которые бустят security и не снижают performance.

    habr.com/ru/companies/kaspersk

    #kasperskyos #системное_программирование #харденинг #canary #aslr #cfi

    #cfi #aslr #canary #харденинг #системное_программирование #kasperskyos
  15. N-gated Hacker News @[email protected] ·

    💻🔓 "Because who needs security when you have a fancy ROP chain to unravel ASLR? Watch in awe as we pretend it's 2005 and marvel at #hacking the unhackable! 🎩✨"
    modzero.com/en/blog/no-leak-no #reverseengineering #ASLR #ROPchain #cybersecurity #HackerNews #ngated

    #hacking #reverseengineering #aslr #ropchain #cybersecurity #hackernews
  16. N-gated Hacker News @[email protected] ·

    💻🔓 "Because who needs security when you have a fancy ROP chain to unravel ASLR? Watch in awe as we pretend it's 2005 and marvel at #hacking the unhackable! 🎩✨"
    modzero.com/en/blog/no-leak-no #reverseengineering #ASLR #ROPchain #cybersecurity #HackerNews #ngated

    #hacking #reverseengineering #aslr #ropchain #cybersecurity #hackernews
  17. N-gated Hacker News @[email protected] ·

    💻🔓 "Because who needs security when you have a fancy ROP chain to unravel ASLR? Watch in awe as we pretend it's 2005 and marvel at #hacking the unhackable! 🎩✨"
    modzero.com/en/blog/no-leak-no #reverseengineering #ASLR #ROPchain #cybersecurity #HackerNews #ngated

    #ngated #hackernews #cybersecurity #ropchain #aslr #reverseengineering
  18. N-gated Hacker News @[email protected] ·

    💻🔓 "Because who needs security when you have a fancy ROP chain to unravel ASLR? Watch in awe as we pretend it's 2005 and marvel at #hacking the unhackable! 🎩✨"
    modzero.com/en/blog/no-leak-no #reverseengineering #ASLR #ROPchain #cybersecurity #HackerNews #ngated

    #hacking #reverseengineering #aslr #ropchain #cybersecurity #hackernews
  19. Hacker News @[email protected] ·

    No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE

    modzero.com/en/blog/no-leak-no

    #HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit

    #hackernews #noleaknoproblem #ropchain #rce #securityresearch #aslr
  20. Hacker News @[email protected] ·

    No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE

    modzero.com/en/blog/no-leak-no

    #HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit

    #hackernews #noleaknoproblem #ropchain #rce #securityresearch #aslr
  21. Hacker News @[email protected] ·

    No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE

    modzero.com/en/blog/no-leak-no

    #HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit

    #hackernews #noleaknoproblem #ropchain #rce #securityresearch #aslr
  22. Hacker News @[email protected] ·

    No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE

    modzero.com/en/blog/no-leak-no

    #HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit

    #exploit #aslr #securityresearch #rce #ropchain #noleaknoproblem
  23. Hacker News @[email protected] ·

    No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE

    modzero.com/en/blog/no-leak-no

    #HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit

    #hackernews #noleaknoproblem #ropchain #rce #securityresearch #aslr
  24. alip @[email protected] ·

    #ASLR used to be "A Single Leak Required", now it's even better, nothing is required! #linux #security googleprojectzero.blogspot.com

    #aslr #linux #security
  25. alip @[email protected] ·

    #ASLR used to be "A Single Leak Required", now it's even better, nothing is required! #linux #security googleprojectzero.blogspot.com

    #aslr #linux #security
  26. alip @[email protected] ·

    #ASLR used to be "A Single Leak Required", now it's even better, nothing is required! #linux #security googleprojectzero.blogspot.com

    #security #linux #aslr
  27. alip @[email protected] ·

    #ASLR used to be "A Single Leak Required", now it's even better, nothing is required! #linux #security googleprojectzero.blogspot.com

    #aslr #linux #security
  28. Gilgwath @[email protected] ·

    Every one appreciates a good #security pun, so let me educate you on #bufferoverrun.
    Don't let your stack get whacked, otherwise you'll get thoroughly #hacked.
    Don't be a rookie and use a good stack cookie, lest things get spooky.
    To bring you security up to par, you best add some #ASLR

    #vulnerability #informationsecurity #infosec #programming #hacking #bufferbloat #stacksmashing

    #security #bufferoverrun #hacked #aslr #vulnerability #informationsecurity
  29. Gilgwath @[email protected] ·

    Every one appreciates a good #security pun, so let me educate you on #bufferoverrun.
    Don't let your stack get whacked, otherwise you'll get thoroughly #hacked.
    Don't be a rookie and use a good stack cookie, lest things get spooky.
    To bring you security up to par, you best add some #ASLR

    #vulnerability #informationsecurity #infosec #programming #hacking #bufferbloat #stacksmashing

    #security #bufferoverrun #hacked #aslr #vulnerability #informationsecurity
  30. Gilgwath @[email protected] ·

    Every one appreciates a good #security pun, so let me educate you on #bufferoverrun.
    Don't let your stack get whacked, otherwise you'll get thoroughly #hacked.
    Don't be a rookie and use a good stack cookie, lest things get spooky.
    To bring you security up to par, you best add some #ASLR

    #vulnerability #informationsecurity #infosec #programming #hacking #bufferbloat #stacksmashing

    #security #bufferoverrun #hacked #aslr #vulnerability #informationsecurity
  31. Gilgwath @[email protected] ·

    Every one appreciates a good #security pun, so let me educate you on #bufferoverrun.
    Don't let your stack get whacked, otherwise you'll get thoroughly #hacked.
    Don't be a rookie and use a good stack cookie, lest things get spooky.
    To bring you security up to par, you best add some #ASLR

    #vulnerability #informationsecurity #infosec #programming #hacking #bufferbloat #stacksmashing

    #stacksmashing #bufferbloat #hacking #programming #infosec #informationsecurity
  32. Gilgwath @[email protected] ·

    Every one appreciates a good #security pun, so let me educate you on #bufferoverrun.
    Don't let your stack get whacked, otherwise you'll get thoroughly #hacked.
    Don't be a rookie and use a good stack cookie, lest things get spooky.
    To bring you security up to par, you best add some #ASLR

    #vulnerability #informationsecurity #infosec #programming #hacking #bufferbloat #stacksmashing

    #security #bufferoverrun #hacked #aslr #vulnerability #informationsecurity
  33. Pyrzout :vm: @[email protected] ·

    Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework thecyberexpress.com/project-ze #AddressSpaceLayoutRandomization #TheCyberExpressNews #TheCyberExpress #ProjectZero #CyberNews #Apple #ASLR

    #addressspacelayoutrandomization #thecyberexpressnews #thecyberexpress #projectzero #cybernews #apple
  34. Pyrzout :vm: @[email protected] ·

    Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework thecyberexpress.com/project-ze #AddressSpaceLayoutRandomization #TheCyberExpressNews #TheCyberExpress #ProjectZero #CyberNews #Apple #ASLR

    #addressspacelayoutrandomization #thecyberexpressnews #thecyberexpress #projectzero #cybernews #apple
  35. Pyrzout :vm: @[email protected] ·

    Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework thecyberexpress.com/project-ze #AddressSpaceLayoutRandomization #TheCyberExpressNews #TheCyberExpress #ProjectZero #CyberNews #Apple #ASLR

    #aslr #apple #cybernews #projectzero #thecyberexpress #thecyberexpressnews
  36. Pyrzout :vm: @[email protected] ·

    Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework thecyberexpress.com/project-ze #AddressSpaceLayoutRandomization #TheCyberExpressNews #TheCyberExpress #ProjectZero #CyberNews #Apple #ASLR

    #addressspacelayoutrandomization #thecyberexpressnews #thecyberexpress #projectzero #cybernews #apple
  37. alip @[email protected] ·

    Did you know #gawk silently disables #ASLR behind your back if you enable the PMA option during build? Check with "gawk --version | head -n1 | grep PMA". This is done using the personality(2) syscall's ADDR_NO_RANDOMIZE flag which #sydbox denies by default so we noticed at #exherbo :-) gnu.org/software/gawk/manual/h #linux #security

    #gawk #aslr #sydbox #exherbo #linux #security
  38. alip @[email protected] ·

    Did you know #gawk silently disables #ASLR behind your back if you enable the PMA option during build? Check with "gawk --version | head -n1 | grep PMA". This is done using the personality(2) syscall's ADDR_NO_RANDOMIZE flag which #sydbox denies by default so we noticed at #exherbo :-) gnu.org/software/gawk/manual/h #linux #security

    #gawk #aslr #sydbox #exherbo #linux #security
  39. alip @[email protected] ·

    Did you know #gawk silently disables #ASLR behind your back if you enable the PMA option during build? Check with "gawk --version | head -n1 | grep PMA". This is done using the personality(2) syscall's ADDR_NO_RANDOMIZE flag which #sydbox denies by default so we noticed at #exherbo :-) gnu.org/software/gawk/manual/h #linux #security

    #security #linux #exherbo #sydbox #aslr #gawk
  40. alip @[email protected] ·

    Did you know #gawk silently disables #ASLR behind your back if you enable the PMA option during build? Check with "gawk --version | head -n1 | grep PMA". This is done using the personality(2) syscall's ADDR_NO_RANDOMIZE flag which #sydbox denies by default so we noticed at #exherbo :-) gnu.org/software/gawk/manual/h #linux #security

    #gawk #aslr #sydbox #exherbo #linux #security
  41. Tedi Heriyanto @[email protected] ·

    Address Space Layout Randomization: mohitmishra786.github.io/chess

    #aslr

    #aslr
  42. Tedi Heriyanto @[email protected] ·

    Address Space Layout Randomization: mohitmishra786.github.io/chess

    #aslr

    #aslr
  43. Tedi Heriyanto @[email protected] ·

    Address Space Layout Randomization: mohitmishra786.github.io/chess

    #aslr

    #aslr
  44. raptor @[email protected] ·

    Toolchain Necromancy: Past Mistakes Haunting ASLR

    “Starting from 2001 and continuing until 6 years ago with version 2.32, #binutils' ld linker set too large of an alignment on ELF binary sections. With a #Linux kernel >= 5.10 or glibc >= 2.35, binaries/libraries that were built with the older toolchain act as timebombs against #ASLR, making brute-force attacks easier on 64-bit binaries and reducing randomness to nothing in some cases for 32-bit binaries.”

    grsecurity.net/toolchain_necro

    #binutils #linux #aslr
  45. raptor @[email protected] ·

    Toolchain Necromancy: Past Mistakes Haunting ASLR

    “Starting from 2001 and continuing until 6 years ago with version 2.32, #binutils' ld linker set too large of an alignment on ELF binary sections. With a #Linux kernel >= 5.10 or glibc >= 2.35, binaries/libraries that were built with the older toolchain act as timebombs against #ASLR, making brute-force attacks easier on 64-bit binaries and reducing randomness to nothing in some cases for 32-bit binaries.”

    grsecurity.net/toolchain_necro

    #binutils #linux #aslr
  46. raptor @[email protected] ·

    Toolchain Necromancy: Past Mistakes Haunting ASLR

    “Starting from 2001 and continuing until 6 years ago with version 2.32, #binutils' ld linker set too large of an alignment on ELF binary sections. With a #Linux kernel >= 5.10 or glibc >= 2.35, binaries/libraries that were built with the older toolchain act as timebombs against #ASLR, making brute-force attacks easier on 64-bit binaries and reducing randomness to nothing in some cases for 32-bit binaries.”

    grsecurity.net/toolchain_necro

    #binutils #linux #aslr
  47. raptor @[email protected] ·

    Toolchain Necromancy: Past Mistakes Haunting ASLR

    “Starting from 2001 and continuing until 6 years ago with version 2.32, #binutils' ld linker set too large of an alignment on ELF binary sections. With a #Linux kernel >= 5.10 or glibc >= 2.35, binaries/libraries that were built with the older toolchain act as timebombs against #ASLR, making brute-force attacks easier on 64-bit binaries and reducing randomness to nothing in some cases for 32-bit binaries.”

    grsecurity.net/toolchain_necro

    #aslr #linux #binutils
  48. raptor @[email protected] ·

    Toolchain Necromancy: Past Mistakes Haunting ASLR

    “Starting from 2001 and continuing until 6 years ago with version 2.32, #binutils' ld linker set too large of an alignment on ELF binary sections. With a #Linux kernel >= 5.10 or glibc >= 2.35, binaries/libraries that were built with the older toolchain act as timebombs against #ASLR, making brute-force attacks easier on 64-bit binaries and reducing randomness to nothing in some cases for 32-bit binaries.”

    grsecurity.net/toolchain_necro

    #binutils #linux #aslr
  49. Mathias Krause @[email protected] ·

    New PaXtest release after years of silence 🥳

    Git source: github.com/opensrcsec/paxtest/

    Small announcement: grsecurity.net/paxtest_release (worth a read, contains even more info than what’s written about 😛)

    #grsecurity #PaX #testing #ASLR

    #grsecurity #pax #testing #aslr
  50. Mathias Krause @[email protected] ·

    New PaXtest release after years of silence 🥳

    Git source: github.com/opensrcsec/paxtest/

    Small announcement: grsecurity.net/paxtest_release (worth a read, contains even more info than what’s written about 😛)

    #grsecurity #PaX #testing #ASLR

    #grsecurity #pax #testing #aslr