New Buffer Overflow Tutorial from xAMNESIAx

xAMNESIAx has posted his first tutorial, Buffer Overflow Exploitation for Beginners. It's not nearly as extensive as jip's Stack Smashing on a Modern Linux System Tutorial, but it's a nice tutorial for people who aren't interested in modern exploitation and would rather have a simpler look at older unprotected systems. It's worth a look if you're interested in buffer overflows, but have found previous tutorials to be a bit too challenging or involved. We hope to have xAMNESIAx work with other members of our crew to revamp and expand the Neophyte's Guide. In other news, OFACE has been released to all VIP members.

Shinobi Now an Inductee, Looking For Recruits

I'm happy to announce that after months of operations work (and other tasks), Shinobi has been promoted to inductee. He's now moving to get our group reorganized and restructured for maximum efficiency. We're now out of recruits (again), so we're looking for talented individuals to apply. As mentioned in the FAQ, if you are serious about joining SOLDIERX, you should have at least 5-10 hours of time to give to the group each week. The first step in becoming a member is to become a recruit. In order to become a recruit you need to email the following information to RaT:
Handle:
Contact Information (AIM, yahoo, etc):
Skills (reverse engineering, writing, programming, etc):
Hours Available:
Why You Want To Join SOLDIERX:
What You Will Do For Your First Project:

Position-Independent Executable Support Added to FreeBSD

Ever since my presentation at BSDCan, I've been working with a talented individual named Bryan Drewery to help get the ASLR work merged into FreeBSD. We've now merged in one major part of the ASLR work: Position-Independent Executable (PIE) support. Adding this feature makes it so that normal executables can be relocated in memory and still run. Normally, without PIE, an executable tells the operating system at what address it expects to be loaded. If the executable isn't loaded at that address, things can (and likely will) go wrong. However, when compiled as a PIE, the executable tells the operating system that it can be loaded anywhere, and it'll make do. Essentially, it turns your executable from a normal executable (ELF type ET_EXEC) to a shared object (ELF type ET_DYN).

FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support. I had to make some exceptions (certain applications don't support being compiled as a PIE mainly due to statically linking in libraries), but most applications in base can now be compiled as a PIE. If you're tracking 11-CURRENT, then all you have to do is add WITH_PIE=1 to your /etc/{make,src}.conf. I've tested these binaries on i386, amd64, sparc64, and ARM.
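A quick way to see what WITH_PIE=1 changes is to look at the ELF type the post mentions. The C program below is an added example, not code from this post or from FreeBSD: it reads an ELF header and reports ET_EXEC versus ET_DYN, handling both ELF classes and both byte orders (the i386/amd64 and sparc64 targets named above); the two sample headers at the bottom are constructed for demonstration.

```c
/* Added example, not from the post: classify an ELF image as ET_EXEC (fixed
 * load address) or ET_DYN (PIE, relocatable). Handles ELF32/64, both byte orders. */
#include <stdio.h>
#include <string.h>

#define ET_EXEC 2
#define ET_DYN  3

/* e_type sits at offset 16 in ELF32 and ELF64 alike; EI_DATA (offset 5) gives byte order. */
int elf_e_type(const unsigned char *buf, size_t len)
{
    if (len < 18 || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return -1;                           /* not an ELF header */
    if (buf[4] != 1 && buf[4] != 2)          /* EI_CLASS: 1 = ELF32, 2 = ELF64 */
        return -1;
    if (buf[5] == 1)                         /* ELFDATA2LSB, e.g. i386/amd64 */
        return buf[16] | (buf[17] << 8);
    if (buf[5] == 2)                         /* ELFDATA2MSB, e.g. sparc64 */
        return (buf[16] << 8) | buf[17];
    return -1;
}

/* 1 = ET_DYN (what WITH_PIE=1 yields; also true of .so files), 0 = ET_EXEC, -1 = not ELF */
int elf_is_pie(const unsigned char *buf, size_t len)
{
    int t = elf_e_type(buf, len);
    return t == ET_DYN ? 1 : t == ET_EXEC ? 0 : -1;
}

/* Same check for a file on disk; only the header is read. */
int file_is_pie(const char *path)
{
    unsigned char hdr[64];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_is_pie(hdr, n);
}

/* Constructed sample headers (first 18 bytes): LE ELF64 ET_EXEC and BE ELF64 ET_DYN. */
const unsigned char sample_exec_le[18] = {0x7f,'E','L','F',2,1,1,0,0,0,0,0,0,0,0,0,2,0};
const unsigned char sample_dyn_be[18]  = {0x7f,'E','L','F',2,2,1,0,0,0,0,0,0,0,0,0,0,3};
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)   /* e.g. ./a.out /bin/ls */
        printf("%s: %d\n", argv[i], file_is_pie(argv[i]));
    return 0;
}
```

Run it against a binary built before and after adding WITH_PIE=1 to see the type flip from ET_EXEC to ET_DYN; a 1 for a shared library is expected, since libraries are ET_DYN too.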

My next goal is to make our ASLR patches fit with FreeBSD's kernel coding style guidelines. We'll likely do one more Call For Testing (CFT) and get sign-offs from a number of FreeBSD developers. We still have a ways to go, but we're getting closer each day. I'd like to thank Bryan Drewery for sponsoring this work on FreeBSD's side. He's really fun to work with and is taking the blunt edge of the sword for some of this work. It's truly an honor to work with him.

Blake and cisc0ninja to Present at Defcon 22

Blake and cisc0ninja have been selected to present a talk, "Don't DDoS Me Bro: Practical DDoS Defense", at Defcon 22. This will be Blake's fourth time presenting at Defcon and cisc0ninja's first. This talk will cover various strategies for defending your network against layer 7 (mostly web) DDoS attacks. If you're going to Defcon and like SX, make sure to make it. The two of them have agreed to use a number of humorous attack logs (such as the DESU attack) from soldierx.com. This will actually be the first defensive talk to come out of SX. Source code for SX's RoboAmp will also be publicly released. The announcement hasn't made its way to the Defcon 22 Speaker page yet, but should soon.

Funnily enough, we saw our largest DDoS in months today, which led to us temporarily blocking TOR (as well as some other networks). Not sure if the two are related, but it's interesting to think about.

Administering FreeBSD ASLR Through Firewall Rules

Late last night, I finished up a nifty new feature for our ASLR implementation on FreeBSD. This feature allows you to administer on a per-user, per-group, per-jail, and per-binary basis how ASLR is applied. I don't know of any other ASLR implementation that provides this sort of flexibility. This post will show you how to use FreeBSD's filesystem firewall in conjunction with ASLR.

Happy April Fools Day!

Hey. Just wishing everybody a happy April Fools day and to say that RaT is obviously not in any trouble.
