A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

By Tobias Klein

"This is one of the best infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

  • Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof of concept code that verifies the security flaw
  • Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.


Sample text from A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

While analyzing the code, I stumbled upon a few locations that looked interesting. The most interesting potential bug I found occurs if the kernel tries to handle a special TTY IOCTL request. The following listing shows the relevant lines from the source code of the XNU kernel.

Source code file xnu-792.13.8/bsd/kern/tty.c

    [..]
    816  /*
    817   * Ioctls for all tty devices.  Called after line-discipline specific ioctl
    818   * has been called to do discipline-specific functions and/or reject any
    819   * of these ioctl commands.
    820   */
    821  /* ARGSUSED */
    822  int
    823  ttioctl(register struct tty *tp,
    824          u_long cmd, caddr_t data, int flag,
    825          struct proc *p)
    826  {
    [..]
    872          switch (cmd) {                  /* Process the ioctl. */
    [..]
    1089         case TIOCSETD: {                /* set line discipline */
    1090                 register int t = *(int *)data;
    1091                 dev_t device = tp->t_dev;
    1092
    1093                 if (t >= nlinesw)
    1094                         return (ENXIO);
    1095                 if (t != tp->t_line) {
    1096                         s = spltty();
    1097                         (*linesw[tp->t_line].l_close)(tp, flag);
    1098                         error = (*linesw[t].l_open)(device, tp);
    1099                         if (error) {
    1100                                 (void)(*linesw[tp->t_line].l_open)(device, tp);
    1101                                 splx(s);
    1102                                 return (error);
    1103                         }
    1104                         tp->t_line = t;
    1105                         splx(s);
    1106                 }
    1107                 break;
    1108         }
    [..]

If a TIOCSETD IOCTL request is sent to the kernel, the switch case in line 1089 is chosen. In line 1090, the user-supplied data of type caddr_t, which is simply a typedef for char *, is stored in the signed int variable t. Then in line 1093, the value of t is compared with nlinesw. Since data is supplied by the user, it's possible to provide a string value that corresponds to the unsigned integer value of 0x80000000 or greater. If this is done, t will have a negative value because of the type conversion in line 1090. Example 7-1 illustrates how t can become negative:

Example 7-1. Example program that demonstrates the type conversion behavior (conversion_bug_example.c)

    #include <stdio.h>                  /* required for printf; line numbers follow the book's listing */
    01 typedef char * caddr_t;
    02
    03 // output the bit pattern
    04 void
    05 bitpattern (int a)
    06 {
    07     int m = 0;
    08     int b = 0;
    09     int cnt = 0;
    10     int nbits = 0;
    11     unsigned int mask = 0;
    12
    13     nbits = 8 * sizeof (int);
    14     m = 0x1 << (nbits - 1);       /* highest bit set */
    15
    16     mask = m;
    17     for (cnt = 1; cnt <= nbits; cnt++) {
    18         b = (a & mask) ? 1 : 0;   /* test one bit, from MSB to LSB */
    19         printf ("%x", b);
    20         if (cnt % 4 == 0)
    21             printf (" ");
    22         mask >>= 1;
    23     }
    24     printf ("\n");
    25 }
    26
    27 int
    28 main ()
    29 {
    30     caddr_t data = "\xff\xff\xff\xff";   /* the IOCTL input data */
    31     int t = 0;
    32
    33     t = *(int *)data;                    /* same conversion as tty.c line 1090 */
    34
    35     printf ("Bit pattern of t: ");
    36     bitpattern (t);
    37
    38     printf ("t = %d (0x%08x)\n", t, t);
    39
    40     return 0;
    41 }

Lines 30, 31, and 33 are nearly identical to lines in the OS X kernel source code. In this example, I chose the hardcoded value 0xffffffff as IOCTL input data (see line 30). After the type conversion in line 33, the bit pattern, as well as the decimal value of t, are printed to the console. The example program results in the following output when it's executed:

    osx$ gcc -o conversion_bug_example conversion_bug_example.c
    osx$ ./conversion_bug_example
    Bit pattern of t: 1111 1111 1111 1111 1111 1111 1111 1111
    t = -1 (0xffffffff)

The output shows that t gets the value -1 if a character string consisting of four 0xff byte values is converted into a signed int.
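The following is an added example, not code from the book or from the XNU source: it reduces the TIOCSETD bounds check from tty.c line 1093 to a user-space model so the effect of a negative t on the range check can be observed, and places the corrected check next to it. The names check_setd_vulnerable, check_setd_fixed and NLINESW_MODEL are assumptions introduced here.

```c
#include <stdio.h>
#include <errno.h>

typedef char *caddr_t;

/* Constructed stand-in for the kernel's nlinesw (number of line disciplines). */
#define NLINESW_MODEL 3

/* Model of the original check from tty.c: t is a signed int read straight
 * from the user-supplied data, and only the upper bound is tested. A value
 * of 0x80000000 or greater becomes negative and passes the check, so the
 * caller would go on to index linesw[t] with a negative index. */
static int check_setd_vulnerable(caddr_t data, int nlinesw, int *index_out)
{
    int t = *(int *)data;          /* same conversion as tty.c line 1090 */
    if (t >= nlinesw)
        return ENXIO;
    *index_out = t;                /* index that would be used for linesw[t] */
    return 0;
}

/* Corrected check: a line-discipline index must be in [0, nlinesw). */
static int check_setd_fixed(caddr_t data, int nlinesw, int *index_out)
{
    int t = *(int *)data;
    if (t < 0 || t >= nlinesw)
        return ENXIO;
    *index_out = t;
    return 0;
}

int main(void)
{
    /* Constructed ioctl input: four 0xff bytes, as in Example 7-1.
     * An unsigned int is used as storage so the int cast is aligned. */
    unsigned int raw = 0xffffffffu;
    int idx = 0, rc;

    rc = check_setd_vulnerable((caddr_t)&raw, NLINESW_MODEL, &idx);
    printf("vulnerable check: rc=%d, would index linesw[%d]\n", rc, idx);

    rc = check_setd_fixed((caddr_t)&raw, NLINESW_MODEL, &idx);
    printf("fixed check:      rc=%d (ENXIO=%d)\n", rc, ENXIO);
    return 0;
}
```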
