GNU/Linux x86 platform support

When you want to build and experiment with x86 (32-bit) binaries on an x64 based Linux kernel. This is often useful for reverse engineering and exploit proof of concepts, as x86 offers a number of simplicities over x64. On Kali (or, I assume, anything else Debian based) add overall subsystem support with:

    dpkg --add-architecture i386

Then to get a working development environment:

    apt update
    apt install libc-dev-i386-cross gdb-multiarch execstack gdb-peda lib32tinfo6 lib32ncurses6 lib32ncurses-dev gcc-7

You should be good to start compiling for an x86 target. Make sure to add -m32 to any CFLAGS and LDFLAGS parameters in the Makefile. ...

July 30, 2019 · 1 min

Exploit Development

A fundamental primer on exploit development on both Windows and Linux based OSs. The classical classes of vulnerabilities: buffer overflow, stack overflow, heap overflow, use after free, out of bounds read.

Integer Overflow and NetBSD

Consider a concrete example in the NetBSD kernel, based on an incorrect coding style that is exposed to integer overflow during input validation.

    static int
    set_cursor(struct tfb_softc *sc, struct wsdisplay_cursor *p)
    {
    #define cc (&sc->sc_cursor)
        u_int v, index = 0, count = 0, icount = 0;
        uint8_t r[2], g[2], b[2], image[512], mask[512];
        int error, s;

        v = p->which;
        if (v & WSDISPLAY_CURSOR_DOCMAP) {
            index = p->cmap.index;
            count = p->cmap.count;
            if (index >= 2 || (index + count) > 2)    +++ integer overflow
                return (EINVAL);
            error = copyin(p->cmap.red, &r[index], count);
            if (error)
                return error;
            error = copyin(p->cmap.green, &g[index], count);
            if (error)
                return error;
            error = copyin(p->cmap.blue, &b[index], count);
            if (error)
                return error;

Note the overflow, about 1/2 way down. Just imagine if index was a really large value that overflowed 32 bits. A more robust way to code the validation check can be seen in the OpenBSD code: ...

July 29, 2019 · 8 min

My LaTeX, Pandoc and Makefile workflow for writing papers in 2022

Contents: Install base TeX system, Pandoc, Author paper, Create bibliography (BibTeX), Render the paper as PDF, Use Git, Resources. LaTeX is a high-quality typesetting system; its features are designed for the production of technical and scientific documentation. It’s the de-facto standard for the communication and publication of scientific documents, and is available as free software. LaTeX is actually built on the TeX typesetting system created by the legendary Donald Knuth. LaTeX is nothing more than a series of TeX macros, providing ready-made commands for common formatting and layout needs, such as section headings, footnotes, bibliographies and cross references. ...

May 26, 2019 · 5 min

Digital Signatures

The sequence of tasks undertaken that make digital signatures possible. This does have a slight XML flavour to it. A digital signature is a mathematical scheme for verifying the authenticity of digital messages. The concept of a digital signature completely hinges on asymmetric cryptography (such as DSA or RSA).

To validate a signature

1. First the message can be normalised, and in the case of XML will use something like the “Exclusive XML Canonicalization” (XML-C14N), so we’re comparing apples with apples. This will discard things like usage of white space.
2. Using the normalised representation, compute a hash (e.g. SHA1) of the timestamp (contained in the WS-Security header) and the entire message payload (the SOAP body).
3. Using the public key from the partner organisation's certificate, RSA decrypt the hash computed by the partner organisation.
4. If the two hashes are identical, we know the message has not been tampered with.
5. (optional) Validate the timestamp (TTL) defined by the partner organisation (typically 7 minutes from the original transmission time by the sender), to mitigate possible damage caused by replay attacks.

To create a signature

1. Wrap the response message in a SOAP envelope, which includes some WS-Security related headers including a timestamp. The timestamp is set to a configurable number of minutes (e.g. 10 minutes) in the future.
2. Normalise the message using the “Exclusive XML Canonicalization” (XML-C14N).
3. Using the normalised message form, compute a hash (e.g. SHA1) of the timestamp (WS-Security header) and the entire response message payload (e.g. the SOAP body).
4. Using the private key of the signing certificate, RSA sign the computed hash, and store the result in the relevant security header (the SignatureValue header).
5. The message is then delivered to the partner organisation.

For the above to work, there needs to be some established agreement as to the specific cipher suites and canonicalisation method used. This is all ...

May 24, 2019 · 2 min

React

React Development environment Boilerplate Webpack Babel NPM scripts ESLint Production dependencies Development dependencies JSX Components all the things DOM control Styling Rendering Lists Handling Events State Management Option 1: Binding Option 2: Arrows Passing Parameters Component Composition Passing Data Passing Children (passing down JSX) Three Rules about State Raising and Handling Events between Components Passing Object props Controlled Components Synchronising Components Stateless Functional Components Destructuring Data (Arguments) Functional components Class components Life cycle Hooks Phase 1 the birth phase (mount) Phase 2 the update phase Phase 3 the death phase (unmount) Effects (hooks) Debugging React Router Testing Jest React Test Utils Enzyme Production Redux store config Webpack Setup npm scripts Troubleshooting React. React is a JavaScript library for building dynamic and interactive user interfaces. ...

May 5, 2019 · 31 min

Go Web Apps

A quick tour of doing web with golang, all living off the land with Go’s built-in standard library.

Packages

Working example, where the web server and templating code lives in the source file $GOPATH/src/github.com/bm4cs/gotime/web/server.go. It does lots of things, but exports the function StartServer (an upper case first character means publicly exported).

    package web

    func StartServer() {
        ...
    }

The main func in $GOPATH/src/github.com/bm4cs/gotime/myapp/app.go can import the web package:

    import (
        "github.com/bm4cs/gotime/web"
    )

    func main() {
        web.StartServer()
    }

Handling Requests

The http package from the standard library provides a ton of out-of-the-box functionality. Writing Web Applications on golang.org is a very pragmatic guide. ...

April 28, 2019 · 7 min

Arch Linux

After witnessing insane minimalism paired with a tiler (tiling window manager), I knew it was my time to take the pilgrimage to Arch Linux. Some characteristics that make Arch unique:

- The Arch Way embodies the principles behind Arch Linux: simplicity, modernity, pragmatism, user centrality and versatility.
- Forces one to build the system up by hand. This encourages you to question the role of each component of the system, and the available options to satisfy that component (e.g. the terminal emulator). The result is a highly tailored and minimal system that meets precisely your needs.
- Practical and pragmatic documentation. The Arch Wiki is the gold standard when it comes to documentation.
- The Arch User Repository (AUR) is a treasure chest of pre-packaged, useful, recent software. Somehow every program I’ve ever needed has been available on the AUR.
- Rolling upgrades.

Arch was born in 2001, when Canadian programmer Judd Vinet, inspired by the elegance of systems such as Slackware and the BSDs, set out to build his own distro based on a similar ethos. The first formal release, 0.1, dropped on March 11, 2002. ...

April 6, 2019 · 19 min

Black belt Elasticsearch

Some more advanced Elasticsearch wisdom I gleaned from Jason Wong and Mark Laney from Elastic. Contents Environment with Config X-Pack Security (the 1337 way) Roles Built-in Query Web UI (batteries included) Internals Lucene Segments Elasticsearch Indexing Transaction Log and Flushing Doc Values Caching Field Modelling Typing Denormalising Range Types Mapping Parameters Fixing Data Painless Reindexing APIs Picking up Mapping Changes Multi-fields Custom Marker (flag) Field Fixing Fields Advanced Search and Aggregations Patterns Wildcard Query Regexp Query Null Script (painless) Query Script Field Performance Considerations Search Templates Aggregations Percentile Top Hits Scripted (painless) Aggregations Significant Terms Aggregation Pipeline Aggregations Cluster Management Dedicated Nodes Hot Warm Architecture Tags Verify Shard Allocation Forced Awareness Capacity Planning Shard Allocation Litmus Test Primary Shards Scaling with Indices Scaling with Replicas Resources Time Based Data APIs for Managing Indices Document Modelling Nested Objects Nested Aggregations Parent Child Relationships Argh Which Technique is Best? Kibana Considerations Monitoring Task Management API The cat API Performance Issues Thread Pool Queues hot_threads API Indexing Slow Log Search Slow Log The Profile API X-Pack Monitoring Alerting From Dev to Production Disabling Dynamic Indices Production Mode Best Practices Network Best Practices Storage Best Practices Hardware Selection Throttles JVM Poor Query Performance Always Filter Aggregating Too Many Docs Denormalise First Too many shards Unnecessary Scripting Cross Cluster Replication Upgrades Rolling Upgrade. Environment with Config: you can use environment variables within elasticsearch.yml: ...

March 27, 2019 · 24 min

Elasticsearch Basics

Some Elasticsearch wisdom I gleaned from Jason Wong and Mark Laney from Elastic. Contents Use cases Logstash vs Beats? Time Series vs Static Data Logstash Installation Starting and Stopping Elasticsearch Killing Communication Discovery module (networking) Security Read-only Enabling X-Pack (Elasticsearch Security) CRUD Ingestion Reading Search Query and Filter Contexts Mapping Inverted Index Multi Fields (keyword fields) Anatomy of an Analyzer Custom Analyzer The reindex API Node Types Cluster state Shards Anatomy of Search (Shards) Troubleshooting Configuration Responses Cluster and Shard Health Diagnosing Issues Improving Search Results Multi-field Search Boosting Fuzziness Exact Terms Sorting Paging Highlighting Aggregations Best Practices Index Aliases Index Templates Scroll Search Cluster Backup.

Use cases

- Search
- Logging
- Metrics - unlike logs, are typically not in a text format.
- Business analytics - the aggregation and analysis of patterns (e.g. bucketing aggregations, ML jobs)
- Security analytics -

Logstash vs Beats?

Beats are lightweight data shippers, but are not appropriate for ETL type stashing. Logstash, on the other hand, can handle these concerns, but requires a much heavier runtime (JVM). An official SIEM solution is currently under development. ...

March 25, 2019 · 21 min

roff

Update 2019-05-26: While having some familiarity with roff is useful, since the time of originally writing this I have discovered Pandoc, which can convert between many document formats, such as from markdown to roff. Writing documentation in markdown is just hard to beat. As the first text formatting program built for UNIX in 1970 running on a PDP-7, roff was a port of the BCPL program RUNOFF. Over the years roff has evolved into troff and the excellent GNU version groff. Similar to other formatting systems, such as LaTeX, groff features a macro system, targeted at authoring certain types of text documents. In spite of its old age, roff is still in widespread use today, for producing text such as UNIX manual pages, software books, system documentation and standards documents. ...

March 15, 2019 · 5 min