Notes in Software Security

Status Last Update Fields
Published 04/23/2023 When data is written to a buffer: is data written upwards (higher addresses) or downwards (lower addresses)?
Published 04/23/2023 Call Stack: Does the call stack grow up (high addr) or down (low addr)?
Published 04/23/2023 What is contained in a stack frame?
Published 04/23/2023 What's the layout of a stack frame for the following function? void function(int a, int b){ char buffer1[5]; char buffer2[10];…
Published 04/23/2023 What is NOP padding?
Published 04/23/2023 What are the three places we can put shell code?
Published 04/23/2023 What is return to libc?
Published 04/23/2023 What are the main steps in a return to libc attack?
Published 04/23/2023 What is the defense to a return to libc attack?
Published 04/23/2023 What are the defenses against buffer overflow attacks?
Published 04/23/2023 What are some unsafe string handling functions and their safe counterparts?
Published 04/23/2023 What is a C header file that will raise an error for any unsafe string functions in code?
Published 04/23/2023 How can you protect return addresses?
Published 04/23/2023 What is the name for a system to prevent executable inputs?
Published 04/23/2023 How can data execution prevention be bypassed?
Published 04/23/2023 In protecting return addresses, where are canary values placed?
Published 04/23/2023 What is return-oriented programming?
Published 04/23/2023 What is the cause of the destruction of Ariane 5?
Published 04/23/2023 What is the CVE-2010-5139 (Bitcoin)?
Published 04/23/2023 What are the sizes of the following? char, short, int, long, float, double, long double
Published 04/23/2023 How do you implement safe signed addition?
Published 04/23/2023 What is an example of integer mismatch?
Published 04/23/2023 Where (to what stream) do the following printf functions output? printf(char *, ... ); fprintf(FILE *, char *, ...); sprintf(char *, char *, ...); snprintf(c…
Published 04/23/2023 What do the following format tokens do? %i, %d; %u; %x; %s; %p; %n
Published 04/23/2023 What is the minimum number of digits printed by the following code? snprintf(buf, sizeof(buf), "%.100d%n", x, &ctr);
Published 04/23/2023 Write a 100 length printf function using the precision-field
Published 04/23/2023 Write a 100 length printf function using the width field
Published 04/23/2023 What is the main defense for format string attacks?
Published 04/23/2023 How do you read from an arbitrary memory location (format string attack)?
Published 04/23/2023 What are the two functions related to memory management in C?
Published 04/23/2023 What data structure is the fastbin?
Published 04/23/2023 Where are free memory chunks stored?
Published 04/23/2023 How is the fastbin ordered?
Published 04/23/2023 How does the search for a free chunk through the fastbin in malloc() work?
Published 04/23/2023 What is chunk coalescing?
Published 04/23/2023 What is the heap-allocator function called when free() is called?
Published 04/23/2023 What is the heap-allocator function called when malloc() is called?
Published 04/23/2023 How can we write to arbitrary memory locations using ghost chunks?
Published 04/23/2023 What are 4 defenses against double free attacks?
Published 04/23/2023 What are the three types of evil inputs?
Published 04/23/2023 How can an attack be carried out via env var? What would the fix be? How can that fix be subverted using the IFS env var? What was the fix to that IFS su…
Published 04/23/2023 What are some defenses against env var attacks?
Published 04/23/2023 What is the Sun StarOffice vulnerability?
Published 04/23/2023 What is an example of a device driver attack?
Published 04/23/2023 What are some targets that can be overwritten to execute shellcode besides return addresses?
Published 04/23/2023 What is object reuse and storage residues?
Published 04/23/2023 What is the Sun tarball vulnerability?
Published 04/23/2023 What is the defense for Sun tarball?
Published 04/23/2023 What is the heartbleed vulnerability?
Published 04/23/2023 Briefly describe how memory dumps can be used to extract secrets in memory.
Published 04/23/2023 What are two things that can be done to protect secrets in memory?
Published 04/23/2023 What is one way automatic code execution was done in Windows?
Published 04/23/2023 What was one company that exploited AutoRun?
Published 04/26/2023 Name and describe two examples that might cause Integer Overflow
Published 04/26/2023 Give me an example of a structure of a chunk in the context of memory organization? Code example will do
Published 04/26/2023 How do environment variables cause a buffer overflow attack? Describe the process and how to prevent them.
Published 04/26/2023 Describe the 2 ways to defend against attacks exploiting environment variables.
Published 04/26/2023 Explain what a symbolic link is and how it can be exploited.
Published 04/26/2023 Describe the Sun StarOffice case study and how it exploits symbolic links.
Published 04/26/2023 Describe an example of an exploitation that used device drivers?
Published 04/26/2023 What are the different targets that an attacker should focus on to overwrite?
Published 04/26/2023 Briefly describe the use of GOT and how the double free vulnerability exploits it.
Published 04/26/2023 Using the concept of function pointers and constructor and destructor, explain how the exploitation on .dtors works.
Published 04/26/2023 What is the difference between object reuse and storage residue?
Published 04/26/2023 Explain the exploitation used for Tarball. How can this be prevented in the future?
Published 04/26/2023 Describe the Heartbleed event. Fully explain how the exploitation mechanism works
Published 04/26/2023 Explain the Stuxnet exploitation
Published 04/26/2023 Define race condition
Published 04/26/2023 What are the possible defences against race conditions? Name a drawback from these defences
Published 04/26/2023 Explain the steps for the Meltdown exploit simply
Published 04/26/2023 What is KAISER?
New Card 04/27/2023 Give an example of a SQL injection affecting Availability
New Card 04/27/2023 What's an example of a function to sanitize user inputs for SQL injection?
New Card 04/27/2023 What are three classes of defenses against SQL injections?
New Card 04/27/2023 What are three general classes of defense against SQL injections?
New Card 04/27/2023 What is an example of an XPath command to select all titles?
New Card 04/27/2023 Given the following XPath command /bookstore/book/title What would be the code for the following? 1. To select the title of the first book 2. To select th…
New Card 04/27/2023 What is LDAP?
New Card 04/27/2023 What is a defense against XPath injection?
New Card 04/27/2023 What does the following LDAP query do? (&(!(cn=Tim Howes))(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))(o=univ*of*mich*))
New Card 04/27/2023 Given the following LDAP query code (&(attribute=value)(&))(filter2)) Is a syntax error thrown?
New Card 04/27/2023 What is SSRF?
New Card 04/27/2023 What are the following malicious SSRF HTTP requests intended to do? 1. GET /?url=http://localhost/server-status HTTP/1.1 2. GET /?url=file///e…
New Card 04/27/2023 What are three defenses against SSRF?
New Card 04/27/2023 What is an example of an XML/XXE attack?
New Card 04/27/2023 What are the following SSRF/XML/XXE attacks intending to do? 1. <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [<!ELEMENT foo AN…
New Card 04/27/2023 What are four signs your application is vulnerable to XML based attacks?
New Card 04/27/2023 What are 6 defenses against XML attacks?
New Card 04/27/2023 Two pages have the same origin if they have the same
New Card 04/27/2023 What is SOP intended to stop?
New Card 04/27/2023 What are some XSS attacks that can be carried out? (not the classes of XSS, e.g. reflected, but more of specific attacks possible)
New Card 04/27/2023 What are the three classes of XSS attacks?
New Card 04/27/2023 Given the target host http://www.vulnerable.com/login.jsp?name= and the attacker's endpoint http://www.badbad.com/steal.php?cookie= How can a reflec…