Bookmarks
How Many Computers Are In Your Computer?
Any ‘computer’ is made up of hundreds of separate computers plugged together, any of which can be hacked. I list some of these parts.
Safe C++
Over the past two years, the United States Government has been issuing warnings about memory-unsafe programming languages with increasing urgency.
Our Software Dependency Problem
The text discusses the risks and benefits of using software dependencies in programming. It emphasizes the importance of understanding, managing, and monitoring dependencies to prevent potential issues like bugs and security vulnerabilities. The article highlights the need for developers to establish best practices for effectively utilizing dependencies in their projects.
Running the “Reflections on Trusting Trust” Compiler Posted on Wednesday, October 25, 2023.
The text discusses how to modify a C compiler to insert a backdoor into a program without leaving traces in the source code. It explains that the backdoor can be detected because the compiler's size increases each time it compiles itself. Finally, it highlights the importance of using trusted compilers to prevent hidden backdoors in modern software development.
OWASP Top Ten
The OWASP Top 10 is a guide for developers to understand critical security risks in web applications. Companies are encouraged to follow this document to improve the security of their web applications. The 2021 update includes new categories and ranking changes based on testing data and industry feedback.
Introduction
The OWASP Cheat Sheet Series offers valuable security information on application security topics. Created by experts, these concise cheat sheets aim to provide easy-to-read security guidance. You can download the cheat sheets from this site and stay updated through the ATOM feed.
The Copenhagen Book
The Copenhagen Book is a free and open-source guide for implementing auth in web applications. It is community-maintained and can be used alongside the OWASP Cheat Sheet Series. Suggestions or concerns can be addressed by opening a new issue.
In-depth analysis on Valorant’s Guarded Regions
The text discusses how Valorant's anti-cheat system, Vanguard, uses innovative techniques to protect against memory manipulation by whitelisting threads and creating shadow regions. These methods involve cloning and modifying the game's paging tables to allow access to hidden memory without affecting performance. By implementing these advanced security measures, Vanguard effectively prevents cheats from bypassing its guarded regions.
Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
The text discusses various techniques used in exploit development, particularly focusing on targeting the Windows kernel. It mentions concepts like Hypervisor-Protected Code Integrity (HVCI) and how exploits can manipulate memory to execute attacker-controlled code in kernel mode. The text also delves into details like leaking kernel-mode memory, constructing ROP chains on the kernel-mode stack, and utilizing functions like NtQuerySystemInformation to escalate privileges and perform malicious actions in the system.
Creating a Rootkit to Learn C
The text demonstrates creating a userland rootkit in C to hide malicious activities like network connections and files. By hooking into system calls like access() and write(), the rootkit can manipulate userland programs and evade detection by tools like netstat. The rootkit uses shared library injections and hooks to intercept and manipulate system calls, showcasing the power of C for malicious activities.
999 crates of Rust on the wall
The author compared popular crates on crates.io to their upstream repositories to improve supply chain security. Most top crates matched their repositories, but some had issues like missing VCS info or build failures. Future work includes extending this analysis to all crates on crates.io and improving publishing processes for better security.
ethereumbook/04keys-addresses.asciidoc at develop · ethereumbook/ethereumbook · GitHub
This chapter introduces public key cryptography used in Ethereum for securing ownership of funds through private keys and addresses. Public keys are derived from private keys and are represented as points on an elliptic curve. Ethereum addresses are unique identifiers generated from public keys using the Keccak-256 hash function.
Anonymity and the internet
Anonymity on the internet is fragile, with each piece of information reducing anonymity. Revealing multiple bits of personal information can jeopardize anonymity, but deliberate disinformation can help regain some anonymity. To protect anonymity, it's best to minimize information disclosure.
Subcategories
- applications (9)
- compression (9)
- computer_vision (8)
- deep_learning (94)
- ethics (2)
- generative_models (25)
- interpretability (17)
- natural_language_processing (24)
- optimization (7)
- recommendation (2)
- reinforcement_learning (11)
- supervised_learning (1)