gcc | General Musing

Posts Tagged ‘gcc’

6 Months of Security Links #2011

I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly as there are some good sources and articles in here and as I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know.

Read the rest of this entry »

About these ads

Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging

Tagged with 2010, 4chan, 802.11, aclu, advertising, airplane, airport, algorithm, analysis, audio, audit, authentication, authority, authorization, availability, backbone, bandwidth, bias, biases, biometrics, bluetooth, botnet, browser, bruceschneier, ca, camera, certificate, certificates, china, cia, communication, computer, copyright, cpu, crime, cryptography, cybersecurity, data, database, datagathering, datamining, db, dead, death, defcon, descriptor, detection, disk, diy, drive, drm, drone, economics, embedded, encryption, erase, eu, europe, experiment, facebook, fbi, file, filter, fingerprint, fingerprinting, flying, forensics, freedom, gcc, geolocation, google, government, gprs, gsm, hack, hacking, hardware, hdd, health, hibernate, identification, identity, india, insurance, intelligence, internet, isp, java, javascript, jboss, kerberos, latency, law, learning, lifehacks, linux, livecd, mac, malware, marketing, microsoft, mobile, monitoring, music, mythology, nagog, network, networking, ntlm, oauth, openid, osx, outsourcing, paper, passwd, password, peering, penetration, pentest, performance, pki, plane, police, politics, privacy, quora, ra, recovery, refresher, reload, repair, report, risk, robotics, router, routing, scam, schneier, science, security, seo, socialmedia, socialnetworking, software, solidstate, specialbrands, ssd, ssl, sso, surveillance, system:filetype:pdf, system:media:document, technology, terror, terrorism, testing, theft, threats, tls, toblog, tor, toread, tracking, traffic, travel, tsa, uav, uk, umts, usa, video, visualization, vodafone, vulnerability, wasp, watermarking, web, webapp, webpage, windows, wireless, youtube

Proof of Concept: Overloading file operations with LD_PRELOAD

leave a comment »

Viaduct and sky 2, Scottish borders, 2010 - Viaduct and sky close to Melrose

In a discussion on Full Disclosure I added a reply which I would like to expand on here:

“What I did for a project I was working on was I create a LD_PRELOAD library which overloaded the i/o operations and used gz and bz2. This could easily be adapted to overload with encryption library functions rather than compression libraries. You can also use this to keep the bash history in memory using a shared memory location.“

What I did which inspired the message above was to replace a number of functions – including read, write and lseek – with custom functions. What the underlying custom code did was fingerprint – using the magic file – the file to discover which compression mechanism was being used for an existing file, and when creating a new file it would use the compression based on the value set in an environment variable. The file was never extracted to and only held in memory as these were mostly streamed to and from disk compressed, which means that with a little tweaking that these could include a stream cipher, provided the key is long enough to avoid stream cipher attacks.

For completeness I’ll add here that the code supported the formats listed below, and a number of other historic formats and others that I don’t recall: