DynaGuard Special

30/11/2020 56 min Season 1 Episode 20


Episode Synopsis

In this episode of Security Headlines, we are joined by a great mind in the
memory security space. A spark was created when Theofilos peeked
into the realms of security. So he packed his bag and got on the next plane to the US in order to dive deeper into the security field during
his studies. He became fascinated by the world of writing exploits
and "smashing the stack", as we say in the hacking field. He is a
brilliant guy when it comes to memory attacks, and he has co-written a
solution that solves the stack canary problem.
We had the chance to sit down with Theofilos Petsios and
hear his views on security, development and a lot more,
which you can tune into right here:


Stack canaries are a security mitigation technique that has been widely
adopted, and you will find them in most systems today. But do they really work?

Topics that we touch upon in this episode:    
Stack canaries

Address space layout randomization

Blind Return Oriented Programming (BROP)

Return Oriented Programming

Static code analysis

Rest in peace Andrea Bittau

Security mitigations

Write XOR Execute (W^X)

DynaGuard

Where stack canaries fail and the operating systems' approach to it

Hardening systems

Where the future of security is going

CVEs over time

Memory corruption bugs

Built-in security in the compilers

Security vs. overhead

Using memory in thread-local storage

Adoption of security mitigations

Stack clash

Pin, Intel's dynamic binary instrumentation framework

Defense Advanced Research Projects Agency

Whitepapers and proofs of concept

Fuzzing

Building better security tools

Cost vs. benefit in the security field

Switching from userspace to kernel space mitigations

Linters

Secure codebases

Formal verification

"Stack canaries is just one little stone on the beach that keeps getting hit by big waves"



External links
https://twitter.com/theofilospe   
https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf
https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf
http://www.scs.stanford.edu/brop/   
http://www.scs.stanford.edu/brop/bittau-brop.pdf   
https://github.com/nettrino/DynaGuard    
https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html   
https://github.com/nezha-dt/nezha    
https://llvm.org/docs/LibFuzzer.html     
https://github.com/nettrino/vimconf  
https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/
https://youtu.be/Er44ur7wkXQ?t=44