xorl %eax, %eax

Archive for the ‘books’ Category

Book: Absolute OpenBSD (2nd Edition)


This is an excellent OpenBSD book that I recently had the opportunity to read. Here is my per-chapter overview of it.


Title: Absolute OpenBSD: UNIX for the Practical Paranoid
Author: Michael W. Lucas

Chapter 1: Getting Additional Help
A brief overview of the OpenBSD project’s support model along with the available resources (documentation, assistance, etc.).

Chapter 2: Installation Preparations
A very well-written chapter on everything you might need before installing OpenBSD, starting from hardware requirements and moving on to how to obtain OpenBSD, and to understanding partitioning, disklabels, etc.

Chapter 3: Installation Walk-Through
Once again the author starts from the very first steps, such as configuring the BIOS, and goes through every step of the installer and the disk configuration, as well as some more advanced disklabel information.

Chapter 4: Post-Install Setup
In this chapter you can find all the basic configuration that usually takes place right after installation. This ranges from software configuration, timezone settings and networking to more advanced topics like keyboard mappings, the graphical console, etc.

Chapter 5: The Boot Process
Here, after a description of the boot loader, the author explains how to work in single-user mode, how to choose a different kernel to boot, how to use a serial console and, of course, multi-user booting along with everything that comes with it.

Chapter 6: User Management
As the chapter’s title implies, this is a complete guide to user management on OpenBSD. Apart from all the common administration tasks (adding, editing and removing users) there is also a detailed section on login classes.

Chapter 7: Root, and How to Avoid It
This chapter could easily be renamed “The complete guide to sudo”, since it includes everything required to delegate privileges with sudo instead of handing out the root password.

Chapter 8: Disks and Filesystems
One of the most useful chapters for anyone moving from Linux to OpenBSD. It is another detailed part of the book covering everything someone needs to know to have a very good understanding of disks and filesystems in the OpenBSD world. This includes partitioning, labeling, FFS (the Fast File System), etc., as well as managing disks and filesystems on OpenBSD.

Chapter 9: More Filesystems
The previous chapter focused mostly on the lower level of disks and filesystems, while this one takes a more in-depth look at the filesystems themselves. Here you can find a lot of useful information on MFS (the memory filesystem), foreign filesystems, NFS, etc.

Chapter 10: Securing Your System
This is a 10-page chapter, but with enough information to keep you researching for some time. It is an introduction to the security mechanisms offered by OpenBSD and to how to keep your system secure after its initial configuration.

Chapter 11: Overview of TCP/IP
Another introductory chapter, this time on networking. It is a very nice, well-written part discussing all the basics of TCP/IP from theory to practice, always with OpenBSD’s implementation in mind.

Chapter 12: Connecting to the Network
All the essential steps to get your OpenBSD system on the network with working Ethernet and DNS name resolution. Furthermore, this chapter has sections on slightly more advanced topics like trunking, VLANs and IPv6 tunneling.

Chapter 13: Software Management
Apart from the expected detailed information on the packages and ports systems, here the reader can find information on customizing ports and on sub-packages.

Chapter 14: Everything /etc
This is literally the best title to describe what you can find in this chapter: a brief overview of every single configuration file under the /etc directory.

Chapter 15: System Maintenance
Here are the common administrative tasks, separated into daily, weekly, monthly and custom maintenance. Additionally, you can find information on system logging configuration and management, NTP, device drivers and hardware sensor configuration.

Chapter 16: Network Servers
A description of configuring and managing the most common network servers on OpenBSD. This includes LPD, DHCP, TFTP, SSH and SNMP.

Chapter 17: Desktop OpenBSD
Basically, this is everything you need to know to turn OpenBSD into a working desktop environment, from the basics of setting up X to working with the cwm window manager and tmux.

Chapter 18: Kernel Configuration
The first part of this chapter aims to introduce OpenBSD’s kernel from a system administrator’s point of view. The next sections deal with more advanced subjects such as kernel tuning via sysctl, and kernel configuration with config(8) or at boot time.

Chapter 19: Building Custom Kernels
The chapter starts by spelling out the caveats of running a custom kernel and then moves on to a complete guide to configuring your own kernel, then testing, building, installing and using it.

Chapter 20: Upgrading
Another in-depth chapter, this time on the upgrade process in OpenBSD. The first sections cover OpenBSD versioning and the upgrade process in general, while the following ones discuss in detail all the steps required to upgrade your system with each of the available methods.

Chapter 21: Packet Filtering
One of the main advantages of OpenBSD is its packet filter, PF. This is an excellent introduction to it that includes all the basic information along with many rules for various network protocols, configuration options and examples of sanitizing network traffic.

Chapter 22: Advanced PF
Continuing from the previous one, this is a more advanced look at PF. The reader can find more on tables, NAT, anchors, bandwidth management, logging, etc.

Chapter 23: Customizing OpenBSD
This last chapter mostly consists of ideas and small how-to sections for performing not-so-common tasks with OpenBSD. For example, here you can find information on virtualization, diskless setups, custom upgrades, etc.

This is definitely the absolute OpenBSD book, since anyone, even with no experience with this operating system, can easily learn everything he/she needs to work with it. The chapters gradually increase in level from completely basic to advanced, so more advanced users can skip some of the initial ones and move on to the subject they want. Overall it’s an excellent, well-written book providing a great amount of information. However, there is not a lot of material for the most advanced users, so in my opinion it is mostly aimed at people who are starting, or have recently started, working with OpenBSD.

Written by xorl

May 18, 2013 at 14:19

Posted in books

Book: FreeBSD Device Drivers


Before even reading it I knew that this book would be excellent. J. Kong proved that with his previous book, and this is just another equally good example of his writing skills. So, here is my review…



Title: FreeBSD Device Drivers: A Guide for the Intrepid
Author: Joseph Kong

Chapter 1: Building and Running Modules
This is an introduction to FreeBSD kernel modules, with some additional information on character and block device kernel modules.

Chapter 2: Allocating Memory
After going through the kernel memory management routines, the author provides a simple, understandable example of using them in a kernel module.

Chapter 3: Device Communication and Control
This chapter covers I/O operations, starting with ioctl and then discussing (always in detail) the sysctl interface, with examples for both.

Chapter 4: Thread Synchronization
A very interesting chapter dealing with synchronization of concurrent threads. After analysing a race condition in a kernel module, J. Kong dives into the details of preventing it with mutexes, shared/exclusive locks, reader/writer locks and condition variables, always with straightforward examples of each.

Chapter 5: Delaying Execution
Basically this is all about sleeping and context switching, using the numerous mechanisms that FreeBSD provides for it.

Chapter 6: Case Study: Virtual NULL Modem
As you can guess from the title, this is a case study of a working virtual null-modem terminal driver.

Chapter 7: Newbus and Resource Allocation
This is the first chapter dealing with real hardware interaction in kernel programming, via Newbus.

Chapter 8: Interrupt Handling
From registering an interrupt handler to writing a complete one and generating interrupts, Joseph Kong explains every step required.

Chapter 9: Case Study: Parallel Port Printer Driver
This is the second case study in the book, making use of all the features discussed so far.

Chapter 10: Managing and Using Resources
Another very informative chapter dealing with concepts such as I/O ports, I/O memory, stream operations and memory barriers.

Chapter 11: Case Study: Intelligent Platform Management Interface Driver
A complete case study of an IPMI device driver.

Chapter 12: Direct Memory Access
As you can easily deduce from the title, here you can find information on DMA programming in the FreeBSD kernel. Everything from DMA tags to synchronizing DMA buffers, etc., along with example kernel modules, is in this chapter.

Chapter 13: Storage Drivers
Starting with the disk structure, it moves on to all the components required to write a working block I/O device driver.

Chapter 14: Common Access Method
This chapter goes through the details of CAM, mainly for HBA and SIM drivers.

Chapter 15: USB Drivers
Continuing from the previous chapter, which dealt with HBAs, this one moves on to USB. After a brief overview of the architecture and the structures FreeBSD uses, the author discusses the routines used in USB device driver development.

Chapter 16: Network Drivers, Part 1: Data Structures
The title is pretty much self-explanatory. J. Kong explains the essential network interface structures for management, media, mbufs, etc., and also provides a simple example to demonstrate them.

Chapter 17: Network Drivers, Part 2: Packet Reception and Transmission
This is a small chapter, also the last one, dealing with the packet reception and transmission routines of the FreeBSD kernel.

Once again, Joseph Kong has written a book that is compact, concise and well written. Each chapter can be used alone as a reference, but there is also a flow between them if you choose to read the entire book. I would suggest this book to anyone interested in FreeBSD device driver development who has a basic understanding of operating systems and C programming. Additionally, if you are a security-oriented programmer you can use it as inspiration for rootkit development. Definitely an excellent book, with all the information you’ll need to start developing your own FreeBSD device drivers.

Written by xorl

June 6, 2012 at 22:36


Book: The Tangled Web


Everybody in the “security world” knows Michal Zalewski and his work, especially in the field of web security and exploitation. So, without further introduction, here is my review of his new book, “The Tangled Web”.



Title: The Tangled Web: A Guide to Securing Modern Web Applications
Author: Michal Zalewski

Chapter 1: Security in the World of Web Applications
Here we have a nice introduction to web application security, going through the required theory as well as useful historical references.

Part I: Anatomy of the Web
Chapter 2: It Starts with a URL
Although a chapter dedicated to URLs might initially seem like overkill, M. Zalewski proves the opposite. In this chapter we see that there are so many details in parsing URLs correctly that it is extremely difficult to write an application that handles all of them properly, and that two parsers looking at the same string can disagree about where the host name even ends.
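A small worked example of the parser-disagreement problem this chapter is about. This is added here and is not code from the book or from Zalewski: it compares the string-prefix allowlist check that many applications actually ship against what Python’s urllib.parse resolves as the host, using constructed probe URLs and a made-up allowed host name (good.example, with evil.example as the attacker’s host). The backslash case is the one to note: urllib follows RFC 3986 and reads the host as evil.example, while a WHATWG-style browser parser treats a backslash like a slash for http(s) URLs and reads good.example, so a validator built on one parser and a fetcher built on the other will not agree on what was approved.

```python
from urllib.parse import urlsplit

# Constructed allowlist entry for the demonstration (not a real host).
ALLOWED_HOST = "good.example"


def naive_is_allowed(url):
    """The string-prefix check many applications actually ship."""
    return url.startswith("https://" + ALLOWED_HOST)


def resolved_host(url):
    """Host name as urllib.parse resolves it (RFC 3986 rules: the
    authority ends at the first '/', '?' or '#', and the host is
    whatever follows the last '@' in it)."""
    return urlsplit(url).hostname


def strict_is_allowed(url):
    """Decide from the fully parsed URL, and refuse the inputs that
    RFC 3986 parsers and browser (WHATWG) parsers read differently."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # User-info ('@') and backslashes are exactly where parsers
    # disagree about where the host ends, so reject them outright.
    if "@" in parts.netloc or "\\" in parts.netloc:
        return False
    return parts.hostname == ALLOWED_HOST


# Constructed probe URLs, one per parsing quirk.
PROBES = [
    "https://good.example/path",             # legitimate
    "https://good.example.evil.example/",    # prefix check fooled by a subdomain
    "https://good.example@evil.example/",    # "good.example" is user-info, host is evil
    "https://good.example:443@evil.example/",  # same trick, with a fake port
    "https://good.example\\@evil.example/",  # urllib: host evil; browsers: host good
    "https://good.example#@evil.example/",   # '#' ends the authority: host good
]


def compare(urls=PROBES):
    """Return (url, naive verdict, host per urllib, strict verdict) rows."""
    return [
        (u, naive_is_allowed(u), resolved_host(u), strict_is_allowed(u))
        for u in urls
    ]


if __name__ == "__main__":
    for url, naive, host, strict in compare():
        print(f"{url:42} naive={naive!s:5} host={host:27} strict={strict}")
```

Running it shows the prefix check approving every probe, urllib sending four of the six to evil.example, and the strict check only accepting the two whose host really is good.example. Rejecting user-info and backslashes rather than trying to interpret them is the practical lesson: whatever you cannot be sure every downstream parser reads the same way, you should not accept at all.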

Chapter 3: Hypertext Transfer Protocol
Similarly to the previous chapter, this one is dedicated to the “web protocol”, HTTP, and all the security-related detail that goes with it. This includes everything from requests and their handling to encoding schemes, data transfers, etc. Definitely an excellent chapter.

Chapter 4: Hypertext Markup Language
Moving to a higher level, we have the language of the web, HTML. This language, which has literally changed the world, also has many nuances that are crucial to any security researcher. From parsing to integration semantics and content inclusion, this chapter has all the information you need to start looking at HTML from a security researcher’s point of view.

Chapter 5: Cascading Style Sheets
We all know that nowadays it is almost impossible to find a web site that does not use Cascading Style Sheets (CSS) to change the content’s appearance. From a security perspective CSS matters too; subjects like encodings, parsing and XBL bindings are discussed here.

Chapter 6: Browser-Side Scripts
Currently the most common source of vulnerabilities. So, as you can easily guess, here we have a lot of neat JavaScript material. However, the author is not limited to this and also covers everything else that falls into that category, including the DOM, VBScript, encodings, etc.

Chapter 7: Non-HTML Document Types
On the web we have numerous non-HTML files, and any of them could have a serious security impact on a web application. This chapter covers the most critical ones, such as plain-text files, images, audio and video, XML, SVG, WML, RSS and Atom feeds, etc., with a quick overview of each.

Chapter 8: Content Rendering with Browser Plug-ins
The last chapter of the first part of the book moves to a more complex subject. Starting with the essentials, like how a plug-in is invoked, M. Zalewski moves on to more advanced issues such as document rendering helpers and the various application frameworks (Adobe Flash, Microsoft Silverlight, etc.).

Part II: Browser Security Features
Chapter 9: Content Isolation Logic
Starting the second part, we now deal with the security policies that keep web applications apart from each other. The author explains how the same-origin policy applies to different types of objects and requests. Then he moves on to plug-in-related security policies and more advanced topics like unexpected or ambiguous origins.

Chapter 10: Origin Inheritance
Here we have information on client-side content that has no origin of its own, such as “about:blank”, “javascript:” and “data:” URLs, and therefore inherits the origin of its parent. A lot of detail regarding the security implications of this is discussed in the chapter.

Chapter 11: Life Outside Same-Origin Rules
Continuing from the previous chapters, this one moves on to the interactions that the same-origin policy does not govern, for example window and frame interactions.

Chapter 12: Other Security Boundaries
Apart from the handling of content, there are many other boundaries that a browser has to enforce. In this chapter you can find information on topics like access to internal networks, prohibited ports, third-party cookies, etc.

Chapter 13: Content Recognition Mechanisms
After discussing the document type detection model, M. Zalewski goes through many security-related aspects of content recognition, including malformed MIME types, Content-Type values, downloaded files, character set handling, etc.

Chapter 14: Dealing with Rogue Scripts
Starting with denial-of-service attacks and the corresponding mitigation strategies for web applications, he moves on to window appearance problems and timing attacks on the user interface.

Chapter 15: Extrinsic Site Privileges
Here we have an overview of the extrinsic site privilege model, including site permissions and password managers, as well as a discussion of Microsoft Internet Explorer’s zone model.

Part III: A Glimpse of Things to Come
Chapter 16: New and Upcoming Security Features
The last part of this book is about the future of web application security. Many useful ideas and implementations are analysed in this chapter, from popular ones like sandboxed frames and XSS filtering to less well-known ones like security model extension frameworks for cross-domain requests.

Chapter 17: Other Browser Mechanisms of Note
Really interesting mechanisms that affect the security of web applications are presented here. Some of them are protocol registration, binary HTTP, P2P networking, geolocation, UI notifications, media capture, etc.

Chapter 18: Common Web Vulnerabilities
This is the last chapter of the book, and it is a quick reference to all the common web vulnerabilities, each with a short description.

So, if you are seriously interested in web application security and not limited to simple SQL injection and XSS vulnerabilities, you should definitely read this book. I’m not aware of any other book dealing with this subject in such detail; most web application books are limited to vulnerability discovery and exploitation of bug classes known for at least 10 years, but this one is about understanding each part of an application from the design, specifications and logic to, of course, the implementation. Excellent work.

Written by xorl

January 29, 2012 at 21:51


Book: A Bug Hunter’s Diary


I have recently finished reading the English version of Tobias Klein‘s “A Bug Hunter’s Diary”. The book has a very innovative approach, breaking down all the steps from the initial bug discovery up to exploitation and disclosure for some notable vulnerabilities Tobias Klein has discovered over the years.



Title: A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
Author: Tobias Klein

Since all chapters follow the same structure, the only difference being the vulnerability, I will only mention the vulnerability associated with each one in the chapter overview below.

Chapter 1: Bug Hunting
This is a small introductory chapter with the information necessary to understand the author’s approach in this book, as well as basic concepts such as common techniques, tools, etc.

Chapter 2: Back to the ’90s
This chapter goes through the first vulnerability of the book, a stack overflow in the VLC TiVo demuxer. For more information you can check the author’s security advisory here.

Chapter 3: Escape from the WWW Zone
Here we have my personal favourite vulnerability of the book, a Sun Solaris ioctl kernel NULL pointer dereference. I have always liked Solaris exploitation, and the exploitation resources for it are very limited, so this is definitely an excellent resource. Official advisory: “TKADV2008-015”.

Chapter 4: NULL Pointer FTW
In this chapter there is a very interesting vulnerability in FFmpeg that affected numerous projects. For more information check out “TKADV2009-004”.

Chapter 5: Browse and You’re Owned
Moving to the Windows world, this chapter covers a WebEx Meeting Manager ActiveX stack overflow, which you can find here.

Chapter 6: One Kernel to Rule Them All
Next, still in the Windows world, we have an avast! kernel memory corruption vulnerability, disclosed in the “TKADV2008-002” security advisory.

Chapter 7: A Bug Older Than 4.4BSD
Another unique and interesting kernel-side vulnerability, this time in the Mac OS X kernel. For more information you can read “TKADV2007-001”.

Chapter 8: The Ringtone Massacre
And the book’s final chapter goes to the mobile world with “TKADV2010-002”, an iPhone buffer overflow.

The book also has three very informative appendices, on bug hunting hints, debugging and mitigation technologies respectively.

To conclude, in the last few years we have seen countless books dealing with software security and vulnerability discovery, but in my humble opinion this book can easily be part of the top 5. Tobias Klein is an excellent security researcher with experience in both closed- and open-source bug hunting, as well as exploit development on many different architectures. I would definitely suggest this book to anyone interested in real-world bug hunting and exploitation and not just vuln.c programs.

Written by xorl

December 11, 2011 at 18:50


Book: The IDA Pro Book (2nd Edition)


I have had this book for quite some time now but, unfortunately, didn’t have time to read it. Now that I finally have, here is my review…



Title: The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
Author: Chris Eagle

Part I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Before starting with the IDA Pro specific concepts, the author gives a gentle introduction to the essentials of reverse engineering. This chapter discusses the theory as well as some simple examples to get you started with disassembly.

Chapter 2: Reversing and Disassembly Tools
Similar to the previous one, this is another introductory chapter dealing with commonly used reversing tools, including classification tools, file-format-specific utilities and numerous inspection tools. The good thing about it is that Chris Eagle is not limited to a specific operating system; instead he references utilities available on different operating systems.

Chapter 3: IDA Pro Background
Finally, the reader is introduced to IDA Pro. In this chapter you can learn about versioning and licensing, installation on different operating systems, etc.

Part II: Basic IDA Usage
Chapter 4: Getting Started with IDA
This is an excellent chapter to get started with the basic usage of this incredible tool. The concepts discussed range from file loading, IDA databases and the IDA graphical interface and its components, to some nice tips and tricks.

Chapter 5: IDA Data Displays
Continuing from the previous chapter, the author goes through the different data displays that IDA supports, with detailed information on each one.

Chapter 6: Disassembly Navigation
Beginning with “double-click navigation”, with excellent and always well-documented examples, it moves on to the other navigation features of IDA Pro such as “Jump to Address”, “Navigation History”, etc. This chapter also has some important fundamental information on stack frames, calling conventions, variables, etc., as a lead-in to the next topics, stack frame views and then database searches.

Chapter 7: Disassembly Manipulation
Continuing the journey through the components of IDA Pro, this chapter discusses named locations, comments, custom names and some basic code transformations available in IDA Pro. It also has an excellent section on functions and on conversions between code and data, and lots of information on data transformations.

Chapter 8: Datatypes and Data Structures
I think the title says it all. Here you can find everything from recognizing and editing structures to creating them, using templates, importing structures, getting started with IDA TIL files, and C++-specific concepts including the “this” pointer, vtables and virtual functions. The chapter ends with discussions of name mangling, run-time type identification and inheritance relationships.

Chapter 9: Cross-References and Graphing
I guess these are the two most used features of any disassembler, so there is not much to say about this chapter. Everything you need to know about cross-references and IDA graphing is probably in here.

Chapter 10: The Many Faces of IDA
IDA Pro is a multi-platform tool and it offers different user interfaces. Here you can learn about the console and batch modes, with operating-system-specific information for Windows, Linux and Mac OS X.

Part III: Advanced IDA Usage
Chapter 11: Customizing IDA
As we all know, IDA Pro is a really powerful reversing tool. In this chapter the author goes through common ways of customizing IDA Pro to suit your needs, including configuration files, GUI configuration, customizing toolbars, etc.

Chapter 12: Library Recognition Using FLIRT Signatures
This is another excellent chapter, discussing FLIRT (Fast Library Identification and Recognition Technology), which is used to identify library code inside a binary. Everything from applying signatures to creating and using your own can be found here.

Chapter 13: Extending IDA’s Knowledge
After a more thorough introduction to TIL and IDS files and the utilities that handle them, the author dives into the details of IDS file creation and usage.

Chapter 14: Patching Binaries and Other IDA Limitations
Beginning with the “infamous” Patch program menu, the author goes through the different techniques one can use for binary patching and patch file generation with IDA Pro.

Part IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
This is one of the most powerful features of IDA Pro, and Chris Eagle provides excellent information, from a basic understanding of the IDC language to writing fully functional scripts. Furthermore, IDAPython is also discussed.

Chapter 16: The IDA Software Development Kit
Obviously, the next step is an introduction to IDA’s SDK, and that is what this chapter is about. Everything from installation to using the API is covered.

Chapter 17: The IDA Plug-in Architecture
Building on the previous chapters of this part of the book, the author writes a plug-in for IDA Pro. Once again, a great chapter with all the details you may need when writing your own plug-ins.

Chapter 18: Binary Files and IDA Loader Modules
From handling unknown file formats to manually loading PE files and writing your own loader module with the IDA SDK, this chapter has everything.

Chapter 19: IDA Processor Modules
Another extremely useful feature of IDA Pro is its support for additional processor modules. In this chapter C. Eagle guides the reader through writing a processor module, so that IDA can disassemble and analyse binaries for an architecture it does not support out of the box.

Part V: Real-World Applications
Chapter 20: Compiler Personalities
Here there are countless details on how IDA Pro handles the output of different compilers. Topics ranging from jump tables and C++ run-time type identification to alternative calling conventions, etc. are discussed in this chapter.

Chapter 21: Obfuscated Code Analysis
This is another long chapter dealing with one of the most crucial subjects for every reverse engineer, obfuscation. Some of the topics addressed here are disassembly desynchronization, dynamically computed target addresses, imported function obfuscation, virtualization detection, instrumentation detection, static de-obfuscation, and many, many more.

Chapter 22: Vulnerability Analysis
Another common use of IDA Pro is vulnerability analysis. Once again, many different subjects are discussed in detail, covering both vulnerability discovery and analysis.

Chapter 23: Real-World IDA Plug-ins
This is an introduction to some of the most popular IDA Pro plug-ins: Hex-Rays, IDAPython, collabREate, ida-x86emu, Class Informer, MyNav and IdaPdf.

Part VI: The IDA Debugger
Chapter 24: The IDA Debugger
This is almost a book in itself. It has lots of detailed information on everything that has to do with the IDA Pro debugger.

Chapter 25: Disassembler/Debugger Integration
The title describes this chapter very well: how the disassembler and the debugger work together.

Chapter 26: Additional Debugger Features
Some advanced debugging features of IDA Pro are covered in this chapter. Among the subjects discussed are remote debugging and debugging with Bochs.

Okay, so first of all, the creator of IDA Pro, Ilfak Guilfanov, said “I wholeheartedly recommend The IDA Pro Book to all IDA Pro users”, and that says a lot. It’s not only that it is well written and has information from truly basic concepts up to really advanced ones; the structure of the chapters is perfect and every single example is so well documented that even readers with no prior knowledge of IDA Pro will find it very easy to follow.
Personally, I totally agree with Ilfak Guilfanov. Anyone who uses IDA Pro should definitely read this book.

Written by xorl

October 4, 2011 at 00:03
