Skip to main content

Keith Makan

"So you are interpreters of interpreters?" - Socrates, Ion by Plato

Search This Blog

Subscribe to this blog

Follow by Email

Pages

Posts
Post Series
Vulnerability Disclosures
About me
Books
Public Disclosure Policy

Showing posts from August, 2017

Posts

Context based Entropy : How to use keyed-steganography

Posted by Keith Makan August 31, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

[OPINION] How AI will change Information Security

Posted by Keith Makan August 15, 2017

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Popular Posts (Last Year)

Introduction to the ELF Format (Part VI) : The Symbol Table and Relocations (Part 1)

This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:

(Part I) : ELF Header https://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html (Part II) : Program Headers https://blog.k3170makan.com/2018/09/introduction-to-elf-format-part-ii.html (Part III) : Section Header Table https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html (Part IV) : Section Types and Special Sections https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-iv.html(Part V) : C Start up https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-v.htmlthis
In this and the next post I'm going to explore how Elf files manage to pull off the magic of symbol resolution as well as the format, offsets and records in the Elf that represent this information. There are many facets to this mechanism in the format, and before I get into each of them I'd like to provide a gentle intro …

Introduction to the ELF Format : The ELF Header (Part I)

ELF Files are charged with using their magic to perform two holy tasks in the linux universe. The first being to tell the kernel where to place stuff in memory from the ELF file on disk as well as providing ways to invoke the dynamic loaders functions and maybe even help out with some debugging information. Essentially speaking its telling the kernel where to put it in memory and also the plethora of tools that interpret the file where all the data structures are that hold useful information for making sense of the file. Anyway that's as far as I've figured it out - the actual break down is a little less simple.

I'll demonstrate why this is so here and over the next series of posts in the classic "Learn things by breaking them" style.
ELF Header and Identification fields The first thing that appears in an ELF file is of course the header, which is like most things in file formats just a list of offsets in the file. Its purpose is to indicate essentially what kin…

The Science of Google Dorking

In this post I'm in proposing some new and improved Google dorks for hackers/pentesters and generally any one that likes finding web based targets based on the vulnerabilities they expose, the dorks I will discuss here include servers exhibiting:

Local file inclusion / Remote File inclusion vulnerabilitiesSQL injectionError based injection

Windows Exploit Development (primer) : Debugging Threads and Analyzing Memory

Hi folks I thought its about time to start blogging about the little experience I have in low level exploitation and analysis - so here goes. To start off on your windows exploitation journey you need to be able to get to grips with a tool and some tricks to get you look at your target the right way. In this post I cover somethings that may help a ton!
Debugging ThreadsTo get started you are probably going to need a couple things sorted out first, namely a simple windows VM setup with debug tools (tons of tutorials out there on the internet) and a target to exploit: A Windows VM (Microsoft made them free which is awesome!)Windows Debug ToolsYou should grab a copy of Easy MPEG to DVD Burner on exploit db.
Before we can start crashing programs and controlling EIPs we need to make sure we have the right view of the target we are exploiting. Windows debugger is actually pretty useful in this regard so open it up, open the target program and attach the debugger to it like so:

Once you've…

Glibc Heap Exploitation Basics : ptmalloc2 internals (Part 3) : The Main Arena

Hi folks, this post is part of a series in which I try to explore the internals of glibc's implementation ptmalloc2 which is used for managing heap memory. In this post I'm going to specifically pay attention to the main_arena and the malloc_state structure, which is used to store some important pointers for searching heap memory.
The main arena The heap bakes the main_arena struct right into process memory. Its a struct of the type malloc_state and holds the following fields (extract from glibc-2.23/malloc/malloc.c):

1686 struct malloc_state
1687 {
1688 /* Serialize access. */
1689 mutex_t mutex;
1690
1691 /* Flags (formerly in max_fast). */
1692 int flags;
1693
1694 /* Fastbins */
1695 mfastbinptr fastbinsY[NFASTBINS];
1696
1697 /* Base of the topmost chunk -- not otherwise kept in a bin */
1698 mchunkptr top;
1699
1700 /* The remainder from the most recent split of a small request */
1701 mchunkptr last_remainder;
1702
1703 /* Normal bins packed as de…

Glibc Heap Exploitation Basics : Introduction to ptmalloc2 internals (Part 1)

In this post and the others in this series, I will unpack some of the internals to glibc's dynamic heap data structures and associated beasts. This post specifically will start you off with no background insight on the heap (perhaps a little on ELF internals and debugging), and detail some experiments you can perform to learn how the heap works.

Introduction
The Heap is essentially a list of memory regions an executing program uses to store data. The data stored in heap regions are requested during runtime. It allows runtime environments like glibc to offer programs dynamic memory for allocating data. So because this offer's memory regions as kind of a "service" (this is what it is for - giving out memory regions), it must mean some where in this whole mess, there needs to be some accounting information about the memory regions. To this aid; the heap describes or decorates user data regions with an internal structure called a chunk. Chunks are in turn classified an…

Introduction to the ELF Format (Part V) : Understanding C start up .init_array and .fini_array sections

This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:

(Part I) : ELF Header https://blog.k3170makan.com/2018/09/introduction-to-elf-format-elf-header.html (Part II) : Program Headers https://blog.k3170makan.com/2018/09/introduction-to-elf-format-part-ii.html (Part III) : Section Header Table https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html (Part IV) : Section Types and Special Sections https://blog.k3170makan.com/2018/10/introduction-to-elf-format-part-iv.htmlthis
In this post I'm going to cover how some of the aspects of C start up and mess around with the .init_array and .fini_array sections to show how they work.

C Start Up
So something must happen to get your code in the main function running. This process is called the C start up and it essentially involves running all the initialize code, setting up pointers to some important arrays and then branching over to main.

What the…

Archive

2019 6
- December 2
- June 1
- March 2
- January 1

2018 26
- December 1
- November 2
- October 5
- September 3
- August 1
- July 1
- June 2
- May 4
- February 4
- January 3
2017 19
2016 3
- September 2
- February 1
2015 2
- July 2
2014 7
2013 10
- October 3
- August 4
- May 1
- March 1
- January 1
2012 23
- December 6
- October 1
- July 2
- June 1
- April 2
- March 1
- January 10

Show more Show less

Labels

About.me
addJavascriptInterface
Adult Swim
AI.
Alan Turing
Altcoin
Androguard
Android
Android Application Hacking
Android Application Security

Show more Show less

Report Abuse

Powered by Blogger

Keith Makan