On Tue, Apr 16, 2013 at 10:52:36AM +0300, Razvan Deaconescu wrote:
> Hi, everyone!
>
> Together with Lucian Cojocar & Vlad Dumitrescu (designers of the second
> assignment), Irina Preșa, Adrian Șendroiu, Laura Vasilescu and Radu
> Caragea (winners of DefCamp CTF), we are going to take part in the
Hi, everyone!
The integers lab is now online [1]. You are strongly encouraged to skim
through the resources before the lab itself, especially the fourth
chapter of the CERT C Coding Standard [2].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-06
[2]:
https://www.securecoding.cert.org/confluence/
Hi,
As a continuation to the seccomp API [1], I've stumbled upon Mbox [2], a
sandboxing application based on seccomp and/or ptrace.
Its main advantage seems to be creating sandboxes on the fly, some audit
features for applications running inside the sandbox (for files and
sockets) and the ability
Hi,
I found the article in $subject [1] via Hacker News [2]. The examples are very
interesting, as they don't exploit binary vulnerabilities, rather than a
design issue of shell wildcards. I'm not sure if any of the examples there
have been used for a real-life exploit, but they're instructive nev
On Sat, Oct 25, 2014 at 05:06:17PM +0300, Alex Teaca wrote:
> Also, I tried to compile with -S flag, and update the task5.s with
> ".section .data,"awx",@progbits"
> but, when I compile, I get
>
> gcc -C task5.s
> test5.s: Assembler messages:
> test5.s:5: Warning: ignoring changed section attribut
On Tue, Oct 28, 2014 at 02:22:57PM +0200, Alex Teaca wrote:
> Hello,
>
> I see in get_got routine that the plt_ptr, got_min and got_max
> variables are marked with the volatile keyword.
> What is its purpose, is there a danger for these variables
> to be modified, and the compiler don't see it ?
On Tue, Nov 11, 2014 at 08:57:02AM +, Razvan Nitu wrote:
> Hello all,
>
> When I tried to run the hasher binary I got this error [1]. I recompiled, but
> i received [2]. I figured it might be the fact that I don't have the 32-bit
> library so I compiled everything without the -m32 flag and e
Hi everyone,
Lab 06 is now available on the wiki [1].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-06
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
Hi everyone,
The (almost) final version of Lab 7 is available on the wiki [1].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-07
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
Hi, everyone.
A draft version of next tomorrow's lab is now available on the wiki [1].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-09
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
Hi,
The guys on the security Stack Exchange site have started a discussion [1] on
XKCD's "Password Strength" comic [2]. One of the answers [3] in particular
provides a more detailed analysis of the choices and underlying assumptions
made by the author to show that the passphrase approach is actual
Hi everyone,
A draft of Lab 10 is now available on the wiki [1].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-10
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
On Fri, Jan 09, 2015 at 11:18:24PM +0200, Alexandru Tudorica wrote:
> On Thu, Jan 8, 2015 at 11:33 PM, Radu Caragea wrote:
> I'm getting the mails from yahoo into spam (I'm using Gmail). Can somebody
> fix the mailing list configuration?
Hi,
Unfortunately this is an issue that affects all the li
Hi, everyone!
As most of you should be comfortable with x86 assembly by now, I thought I'd
share the book/collection mentioned in $subject. xchg rax, rax [1] is a
collection of riddles written in assembly, most of which rely heavily on the
various behaviours documented in the x86 instruction set.
Hi,
Lab 11 is up on the wiki [1]. See you at the lab!
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-11
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
Hi everyone,
Lab 12 is now available on the wiki [1].
[1]: http://ocw.cs.pub.ro/courses/cns/labs/lab-12
Lucian
___
http://elf.cs.pub.ro/oss/wiki/resources/mailing-list
Hi everyone,
ctfhacker.com has a post on combining radare2 and symbolic execution to
reverse engineer a CTF binary [1]. You might remember radare2 from the
first labs. Although its interface is a bit clunky, the post shows a few
interesting uses in the preliminary stages of reversing.
For those o
On Tue, Jan 05, 2016 at 12:29:13PM +0200, Teodora Olaru wrote:
> ssh: connect to host 141.85.227.139 port 12322: Network is unreachable
Hi Teodora,
I tried accessing your address:port from multiple places and it worked
for me. Do you have any outbound ports blocked from your location?
Lucian
___
Hi everyone,
Riscure are organizing Riscure Hack me 2 [1], a CTF contest aimed at
low-level hardware hacking. To qualify, the contestants must find the
flag in a binary file, very similarly to Răzvan's demo at the first CNS
lecture. A limited number of boards are available to be shipped to the
co
Hi everyone,
You may now download an official(tm) CNS-approved(c)(r) virtual machine
from the resources directory linked on the wiki [1].
The VM uses Kali Linux, a security-oriented distro that contains all the
pwning tools you will need for the CNS class (and more!). We recommend
it as a referen
Vladimir Oltean writes:
> Hi,
>
> Yesterday I wrote this Bash helper script as a wrapper around "objcopy
> --add-symbol". [1]
Nice job, Vladimir! It looks very cool!
> [1]:
> https://github.com/vladimiroltean/blog/blob/master/dotfiles/bin/apply-symbols
Lucian
___
Hi everyone,
As discussed today at the lecture, there are a few ways for those of you
who liked the CNS class to further explore the field.
One way is to play wargames: IO/NetGarage [1] (some of the levels there
we've already explored in the labs), Smashthestack [2], WeChall [3],
Embedded Securit
Lucian Mogosanu writes:
> Hi everyone,
>
> As discussed today at the lecture, there are a few ways for those of you
> who liked the CNS class to further explore the field.
*snip*
> If you have any further questions about this, don't hesitate to keep the
> discussion g
23 matches
Mail list logo