Category Archives: Security

Understanding kcov – play with -fsanitize-coverage=trace-pc from the user space

Posted on June 1, 2017 by daveti

kcov is a kernel feature used to support syzkaller[1]. To provide the code coverage information from the kernel itself, the GCC compiler was patched to instrument the kernel image[2]. The kernel itself was also patched to enable this feature where … Continue reading →

Posted in OS, Security, Stuff about Compiler | Tagged gcc, kcov, linux kernel | Leave a comment

SGX Bug SKL012 and CHIPSEC

Posted on December 16, 2016 by daveti

Intel SGX CPU (staring from Skylake) has been there for while. The good news is that there is still no known exploitation against SGX self yet, though there are some exploitations in the enclave code and Intel SGX SDK. In … Continue reading →

Posted in Security | Tagged chipsec, intel, sgx, sgxbug, skylake, umip, x86_64 | Leave a comment

Making USB Great Again with USBFILTER – a USB layer firewall in the Linux kernel

Posted on August 4, 2016 by daveti

Our paper “Making USB Great Again with USBFILTER” has been accepted by USENIX Security’16. This post provides a summary of usbfilter. For details, please read the damn paper or download the presentation video/slides from USENIX website. I will head to … Continue reading →

Posted in Dave's Tools, OS, Security | Tagged BadUSB, GoodUSB, kernel, Linux, LUM, netfilter, Prolog, URB, USB, usbfilter, usbtables, usenix | Leave a comment

Malware Reverse Engineering – Part II

Posted on July 17, 2016 by daveti

While most tools for MRE are staightforward, some of them require time, patience, and skills to show the full power. For static analysis, this means IDA; for dynamic analysis, it is OllyDbg (and WinDbg for Windows kernel debugging). In this … Continue reading →

Posted in Security, Static Code Analysis | Tagged cuda, gpu, IDA, Jellyfish, malware, MRE, OllyDbg, RAT, Rootkit, Windows | Leave a comment

Malware Reverse Engineering – Part I

Posted on July 17, 2016 by daveti

I took a “Malware Reverse Engineering (MRE)” class last semeter and it was fun to me, partially because I was not a Windows person, though I am still not. What seems ridiculous to me is how trivial one can write … Continue reading →

Posted in Security, Static Code Analysis | Tagged IDA, Inetsim, malware, MRE, PEiD, PEStudio, PEview, Ransomware, RegShot, Windows | Leave a comment

Defending Against Malicious USB Firmware with GoodUSB

Posted on December 3, 2015 by daveti

Finally, 4 months after our paper was accepted by ACSAC’15, I could now write a blog talking about our work – GoodUSB, and release the code, due to some software patent bul*sh*t. (I sincerely think software patent should be abolished … Continue reading →

Posted in OS, Security | Tagged acsac, BadUSB, firmware, GoodUSB, kernel, Linux, security, USB | 1 Comment

Linux Kernel DSA and Provenance Release

Posted on August 21, 2015 by daveti

Linux Provenance kernel (2.6.32) and tools for CentOS and RedHat Enterprise Linux https://github.com/daveti/prov-kernel https://github.com/daveti/prov-tools Linux kernel crypto – DSA https://github.com/daveti/kdsa During the development on kernel 2.6.32, we found a bug in mpi-pow.c which failed DSA. The patch file has been included … Continue reading →

Posted in Linux Distro, OS, Security | Tagged CentOS, crypto, DSA, kernel, Linux, lpm, MPI, provenance, RedHat | Leave a comment

Trustworthy Whole-System Provenance for the Linux Kernel

Posted on July 19, 2015 by daveti

Our paper “Trustworthy Whole-System Provenance for the Linux Kernel” has been accepted by USENIX Security 2015. While details could be found in the paper (link below), I would like to talk about some background about LPM (a.k.a., Linux Provenance Module, … Continue reading →

Posted in OS, Security | Tagged kernel, Linux, lpm, lsm, paper, provenance, provmon, security, usenix | Leave a comment

More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations

Posted on April 12, 2015 by daveti

Our paper, as titled, has been accepted by DIMVA 2015 – Milano, Italy. While the final paper will not be released until July, we will have a brief summary of what we have done in this post. Another focus here … Continue reading →

Posted in Security | Tagged CSRF, OAD, OAuth, Python, security, Selenium | 1 Comment

arpsec – Securing ARP from the Ground Up

Posted on February 26, 2015 by daveti

Our paper “Securing ARP from the Ground Up” has been accepted as a short paper by CODASPY15, which will be in San Antonio, TX from March 2nd to 4th. In this post, we will talk about our solution to ARP … Continue reading →

Posted in Network, OS, Security | Tagged arp, arpsec, CODASPY, DDoS, DoS, Linux, MitM, netlink, Prolog, relay, S-ARP, security, TARP, TPM | 2 Comments