Redux

Once you start working with React in anger, there is a tipping point to be aware of, where:
the complexity of data flows piles up
the same data is being rendered in multiple places
the number of state changes blows out
Being able to tackle these problems in a single place is where Redux fits in.

Contents: The Problem; Option 1 lift the state; Option 2 react context; Option 3 Redux; A chat with redux; Container vs Presentation Components; The Redux Principles; Actions; The Store; Immutability; Reducers; React-Redux; React-Redux Provider; React-Redux Connect; mapStateToProps; mapDispatchToProps; Redux Setup; Async and APIs; Mock API; API Client Wrappers; Redux Middleware; Redux Async Libraries; Thunks; Conditional mapStateToProps; Polish (the finer things); Spinner component; Status API and feedback; Server side validation; Client side validation; Optimistic deletes; Testing Redux; Connected Components; Action Creators; Thunks; Reducers; Store

The Problem
Imagine a fairly deep component hierarchy, starting with your top level App component. Deep down the tree, there are two child components that need to access a common piece of data (e.g. customer data). How should these components access the data they require? ...

April 29, 2020 · 21 min

GnuPG

This semester I have enrolled in a security unit at my local University. Before we get into the mechanics of modern security techniques (mathematical theory, ciphers, protocols, hashing, Kerberos), the first lecture kicked off with a gentle overview of PKI and the basics of using the GNU Privacy Guard, aka GnuPG or GPG for short. In short, it is a complete and free implementation of the OpenPGP standard. Generate a key pair: ...

March 2, 2008 · 3 min

Managing wifi on Arch

See archwiki:
nmcli device wifi list: sniff currently available wifi ssids in range
nmcli connection show: show active connection/s
nmcli device wifi connect Jeneffer password S3CR3T: connect to ssid
nmcli device wifi connect Jeneffer password S3CR3T hidden yes: connect to hidden ssid
nmcli connection up uuid UUID: reconnect a disconnected interface
nmcli device: list all interfaces and their state
nmcli device disconnect wlp3s0: disconnect an interface
nmcli radio wifi off: disable wifi radio

March 16, 2020 · 1 min

Technical Analysis of ImageTragick (CVE-2016-3714)

ImageMagick is a widely deployed, general purpose image processing library written in C. Over the past few years hundreds of security related issues have been identified. This paper considers one such instance of a remote code execution vulnerability discovered in 2016 under CVE-2016-3714.

Introduction
ImageMagick is a widely deployed, general purpose image processing library written in C, most commonly used to resize, transcode or annotate user supplied images on the web. Originally developed in 1987 and open sourced in 1990, with a large ecosystem of bindings for most programming languages, it has established an enormous user base over the last 3 decades. ...

September 27, 2019 · 25 min

ROP (return oriented programming) chains

An evolution on basic stack smashing, return oriented programming (or ROP) was first presented by Solar Designer in 1997, as an innovative solution to crafting a complete program by daisy chaining instructions that already exist within the address space of the program. Because existing legitimate executable instructions are chained together, it is an effective way of bypassing non-executable stack (DEP) and code signing mitigations employed by most modern OSes. An attacker gains control of the IP by overflowing the stack (i.e. buffer overflow or stack smash) to hijack program control flow, and then executes carefully chosen machine instruction sequences that are already present in the program's address space. The individual pieces are known as gadgets. Each gadget typically ends in a return (RET) instruction. Chained together, these gadgets allow an attacker to perform arbitrary operations. ...

September 7, 2019 · 13 min

Stack Canaries

A popular buffer overflow prevention technique employed by some programs. Used to detect a stack buffer overflow before execution of malicious code can occur, by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer. Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer, the canary value must also be overwritten. This value is checked to make sure it has not changed before a routine uses the return pointer on the stack. This technique can greatly increase the difficulty of exploiting a stack buffer overflow because it forces the attacker to gain control of the instruction pointer by corrupting other important variables on the stack. ...

August 20, 2019 · 3 min

Smashing the Stack

What a buffer overflow is, and how one can be exploited. Some prerequisite knowledge of (Intel x86) assembly and how a Von Neumann machine works is needed. Attacking the stack is only one category of control flow attack; there are many others including heap allocators, race conditions, root exploits, ELF, networking, viruses, etc. The end game is to gain control of the instruction pointer (IP), and as a result the control flow of the program. But to set the scene, we need to understand how this is even possible in the first place. All general purpose binary computers are bound by the laws of the Turing machine, and its implementation architecture, the Von Neumann design. ...

August 4, 2019 · 12 min

GNU/Linux x86 platform support

When you want to build and experiment with x86 (32-bit) based binaries on an x64 based Linux kernel. This is often useful for reverse engineering and exploit proof of concepts, as x86 offers a number of simplicities over x64. On Kali (or I assume anything else Debian based) add overall subsystem support with:

dpkg --add-architecture i386

Then to get a working development environment:

apt update
apt install libc-dev-i386-cross gdb-multiarch execstack gdb-peda lib32tinfo6 lib32ncurses6 lib32ncurses-dev gcc-7

You should be good to start compiling for an x86 target. Make sure to add -m32 to any CFLAGS and LDFLAGS parameters in the Makefile. ...

July 30, 2019 · 1 min

Exploit Development

A fundamental primer on exploit development on both Windows and Linux based OSes. The classical classes of vulnerabilities:
buffer overflow
stack overflow
heap overflow
use after free
out of bounds read

Integer Overflow and NetBSD
Consider a concrete example in the NetBSD kernel, based on an incorrect coding style that is exposed to integer overflow during input validation.

    static int
    set_cursor(struct tfb_softc *sc, struct wsdisplay_cursor *p)
    {
    #define cc (&sc->sc_cursor)
        u_int v, index = 0, count = 0, icount = 0;
        uint8_t r[2], g[2], b[2], image[512], mask[512];
        int error, s;

        v = p->which;
        if (v & WSDISPLAY_CURSOR_DOCMAP) {
            index = p->cmap.index;
            count = p->cmap.count;
            if (index >= 2 || (index + count) > 2)   /* +++ integer overflow */
                return (EINVAL);
            error = copyin(p->cmap.red, &r[index], count);
            if (error)
                return error;
            error = copyin(p->cmap.green, &g[index], count);
            if (error)
                return error;
            error = copyin(p->cmap.blue, &b[index], count);
            if (error)
                return error;

Note the overflow, about half way down. Just imagine if index was a really large value that overflowed 32 bits. A more robust way to code the validation check can be seen in the OpenBSD code: ...

July 29, 2019 · 8 min

Digital Signatures

The sequence of tasks undertaken that make digital signatures possible. This does have a slight XML flavour to it. A digital signature is a mathematical scheme for verifying the authenticity of digital messages. The concept of a digital signature completely hinges on asymmetric cryptography (such as DSA or RSA).

To validate a signature
First the message can be normalised, and in the case of XML will use something like the “Exclusive XML Canonicalization” (XML-C14N), so we’re comparing apples with apples. This will discard things like usage of white space.
Using the normalised representation, compute a hash (e.g. SHA1) of the timestamp (contained in the WS-Security header) and entire message payload (the SOAP body).
Using the public key from the partner organisation certificate, RSA decrypt the hash computed by the partner organisation.
If the two hashes are identical, we know the message has not been tampered with.
(optional) Validate the timestamp (TTL) defined by the partner organisation (typically 7 minutes from the original transmission time by the sender), to mitigate possible damage caused by replay attacks.

To create a signature
Wrap the response message in a SOAP envelope, which includes some WS-Security related headers including a timestamp. The timestamp is set to a configurable number of minutes (e.g. 10 minutes) in the future.
Normalise the message using the “Exclusive XML Canonicalization” (XML-C14N).
Using the normalised message form, compute a (e.g. SHA1) hash of the timestamp (WS-Security header) and entire response message payload (e.g. the SOAP body).
Using the private key of the signing certificate, RSA sign the computed hash, and store the result in the relevant security header (the SignatureValue header).
The message is then delivered to the partner organisation.

For the above to work, there needs to be some established agreement as to the specific cipher suites and canonicalisation method used. This is all ...

May 24, 2019 · 2 min