commit da844a047a293328d4fe25000ad274a1d123ae5b
parent ca048fa4909322abc8318b1f3adac0d5a38717e2
Author: Alex Balgavy <alex@balgavy.eu>
Date: Sat, 30 Oct 2021 16:31:50 +0200
Finalize softsec notes
Diffstat:
6 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/content/softsec-notes/Softsec.apkg b/content/softsec-notes/Softsec.apkg
Binary files differ.
diff --git a/content/softsec-notes/_index.md b/content/softsec-notes/_index.md
@@ -2,6 +2,8 @@
title = 'Software Security'
+++
# Software Security
+[Here are the Anki cards I used to prepare for the exam.](Softsec.apkg)
+
1. [Intro](intro)
2. [Buffer overflow](buffer-overflow)
3. [Local privilege escalation](local-privilege-escalation)
diff --git a/content/softsec-notes/crypto.md b/content/softsec-notes/crypto.md
@@ -1,6 +1,6 @@
+++
title = 'Crypto'
-template = 'page-math.html'
+template = 'page-math.HTML'
+++
# Crypto
Allows secure communication between two or more parties in presence of an attacker
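Review bot: The new front-matter line `template = 'page-math.HTML'` changes only the case of the template filename, and in a commit whose other hunks are typo fixes this reads like an accidental edit rather than an intended rename. On a case-sensitive filesystem a static-site generator will look up the template by exact name, so unless a file named `page-math.HTML` actually exists the page will fall back to a different layout or fail to build, and the math rendering the template presumably provides would be lost. Keeping the removed spelling, `template = 'page-math.html'`, matches the name other pages in this notes set are likely to use. I cannot see the templates directory from this diff, so confirm against the site's template files before merging.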
@@ -18,7 +18,7 @@ Terms:
- decryption: convert ciphertext to plaintext
Kerckhoff's principle:
-- separate algorithm fro mkey
+- separate algorithm from key
- assume attacker knows algorithm
- keep key secret
diff --git a/content/softsec-notes/heap-overflows.md b/content/softsec-notes/heap-overflows.md
@@ -18,7 +18,7 @@ Buffer overflows:
- scanf() etc. -- put bound on %s formats
Off-by-one:
-- wrong comparison operator, forget about strong terminator
+- wrong comparison operator, forget about string terminator
- can only overwrite one element above array capacity
Pointer storage:
diff --git a/content/softsec-notes/shellcode.md b/content/softsec-notes/shellcode.md
@@ -58,7 +58,7 @@ Shellcode v2:
```asm
.data
.globl shellcode
-shellcode;
+shellcode:
jmp over_string
string_addr:
.ascii "/bin/shNAAAAAAAABBBBBBBB"
@@ -68,7 +68,7 @@ over_string:
movb %al, 0x07(%rdi)
movq %rdi, 0x08(%rdi)
movq %rax, 0x10(%rdi) ; use %rax, avoiding explicit 0
- leaq 0x08(%rdi), %ri
+ leaq 0x08(%rdi), %rsi
movq %rax, %rdx ; use %rax, avoiding explicit 0
movb $0x3b, %al ; byte reg, upper bytes all zero
syscall
@@ -94,5 +94,3 @@ Compile and run:
cc -o shellcode-test shellcode-test.c shellcode.s
./shellcode-test
```
-
-
diff --git a/content/softsec-notes/web-security/index.md b/content/softsec-notes/web-security/index.md
@@ -269,7 +269,7 @@ Preventing XSS:
5. URI escape before inserting into HTML URL attributes
- use `httponly` on cookies to prevent access by scripts
-### Cross-site request forger (CSRF)
+### Cross-site request forgery (CSRF)
Allows attacker to execute requests on behalf of victim.
"Confused deputy attack": browser uses victim's authority to do what the attacker wants
@@ -279,7 +279,7 @@ Allows attacker to execute requests on behalf of victim.
Preventing:
- HTML-only: web server embeds token (secret & unique value) for each request, in all HTML forms, verified on server side
- header-based (for JS sites)
- - on long, web app sets cookie containing random token that stays same for whole session
+ - on login, web app sets cookie containing random token that stays same for whole session
- JS on client side copies it into custom HTTP header. Only JS within the same origin.
- server validates this
@@ -343,5 +343,3 @@ Serialization of python datatypes.
Pickle allows arbitrary objects to be pickled by providing a `__reduce__` method, which should return:
- a string
- or tuple describing how to reconstruct object
-
-