Categories
Application Security OS Internals

Linux Containers (LXC) and how they work

(This article was written for the MIT 6.858 Computer Systems Security class to supplement lecture content, but is not intended to be a replacement for attending lectures. The 2020 lecture video can be found here.) What comes to mind when you hear the buzzword “containerization”? Perhaps you have heard of software packages such as Virtuozzo, […]

Categories
Cryptography

Zero Knowledge: SNARKs vs. STARKs

Introduction With the rise of cryptocurrencies like Ethereum, zero-knowledge proof technology is increasing in popularity due to the variety its applicable use cases, such as verifiable computation and privacy-preservation. In this article, we aim to review the class of zero-knowledge proof constructions by Ben-Sasson, Bentov, Horesh and Riabzev (BBHR18) in 2018 that overcomes the abovementioned […]

Categories
Mathematical Programming Optimization

A Brief Overview of Mathematical Programming

Introduction Mathematical programming (MP) is a very useful tool for solving complex problems that can be modeled as an objective function with a set of mathematical constraints. A wide variety of research disciplines currently use MP techniques to aid in complicated decision-making, from management science to engineering to the military. Since MP is concerned with […]

Categories
Infrastructure Security Network Security

On Zero Trust and BeyondCorp

This month I was at Black Hat and there was a new buzzword being tossed around by security vendors in the business hall: Zero Trust. I always like to see what exciting new concepts the security industry tries to productize and incorporate into their product demos to convince budget decision makers to buy them, so […]

Categories
Application Security Heap Exploitation

glibc Heap Exploitation: tcache dup

tcache dup makes use of a double free (like fastbin dup). The fastbin dup makes use of the fastbin freelists, while tcache dup makes use of the tcache freelists. When we allocate a chunk and free it twice, the subsequent allocations will be duplicate and we can trick the allocator into returning a desired memory […]

Categories
Application Security Heap Exploitation

glibc Heap Exploitation: House of Force

(Update 05/2019: Made a note that this method is now patched in glibc>=2.29) The “House of Force” is a glibc heap overflow exploitation technique first named in the archived email “Malloc Maleficarum” by Phantasmal Phantasmagoria, and subsequently a PoC surfaced online in the Phrack magazine. Vector The House of Force technique overwrites the top chunk […]

Categories
Application Security Heap Exploitation

glibc Heap Exploitation: fastbin dup techniques

Consider what happens if we allocate a fastbin-sized chunk and freed it multiple times. We know that free() pushes the freed chunk to the fastbin, but if freed multiple times, the same freed chunk would end up multiple times in the same fastbin, which makes reallocation of the same chunk to different allocation requests possible. This is […]

Categories
Application Security OS Internals

Heaps of Fun with glibc malloc

Update 06/2018: Added thread-local caching (tcache) Introduction to glibc malloc What is the heap? If you’ve taken an operating systems class before, you might recall that it is a free-floating region of memory that is managed by a memory allocator. When using a memory allocator to allocate memory, we call it dynamic memory allocation. In […]

Categories
DNSSEC Infrastructure Security Network Protocols

DNSSEC: A Primer

About DNS The Domain Name System (DNS) was proposed by American computer scientist Paul Mockapetris in 1983, who was at UC Irvine at that time. DNS was created to solve the maintainability and scalability issues of a local hosts file. Today, DNS is one of the core protocols of the Internet, providing a mapping between […]

Categories
Cryptography CTF writeups

PlaidCTF 2015 – Crypto/Parlor2

After going bankrupt last year, the folks behind parlor from last year have decided to set up a new betting service! PlaidCTF 2015 – Crypto/Parlor2 We were given a gambling application where we could choose some modulus . This modulus would be used by the server to compute a random number , which we have […]