Security Headlines

DynaGuard Special



In this episode of Security Headlines, we are joined by a great mind in the memory security space. A spark was created when Theofilos peeked into the realms of security, so he packed his bag and got on the next plane to the US in order to dive deeper into the security field during his studies. He became fascinated by the world of writing exploits and "smashing the stack", as we say in the hacking field. He is a brilliant guy when it comes to memory attacks, and he has co-written a solution that solves the stack canary problem.

We had the chance to sit down with Theofilos Petsios and hear his views on security, development and a lot more.

You can tune in right here:



Stack canaries are a security mitigation technique that has been widely adopted, and you will find them in most systems today. But do they really work?


Topics that we touch upon in this episode:    

Stack canaries

Address space layout randomization (ASLR)

Blind Return Oriented Programming (BROP)

Return Oriented Programming

Static code analysis

Rest in peace Andrea Bittau

Security mitigations

Write XOR Execute (W^X)

DynaGuard

Where stack canaries fail and the operating system's approach to it

Hardening systems

Where the future of security is going

CVEs over time

Memory corruption bugs

Built-in security in the compilers

Security vs overhead

Using memory in thread-local storage

Adoption of security mitigations

Stack clash

Pin, Intel's dynamic binary instrumentation framework

Defense Advanced Research Projects Agency

Whitepapers and proofs of concept

Fuzzing

Building better security tools

Cost vs benefit in the security field

Switching from userspace to kernel space mitigations

Linters

Secure codebases

Formal verification

"Stack canaries is just one little stone, on the beach that keeps getting hit by big waves"




External links

https://twitter.com/theofilospe   

https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf

https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf

http://www.scs.stanford.edu/brop/   

http://www.scs.stanford.edu/brop/bittau-brop.pdf   

https://github.com/nettrino/DynaGuard    

https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html   

https://github.com/nezha-dt/nezha    

https://llvm.org/docs/LibFuzzer.html     

https://github.com/nettrino/vimconf  

https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

https://youtu.be/Er44ur7wkXQ?t=44



Security Headlines, by Firo Solutions
