Security Headlines
Firo Solutions
25 episodes
5 days ago
Security Headlines is a podcast about the latest security vulnerabilities within the cyber security field. So if you're interested in the latest security holes, no matter if you are a tech-savvy penetration tester, a devops person, a programmer or just generally interested in the latest technology security news, Security Headlines is here for you. Security Headlines is perfect to listen to when you want a quick update, on the way to work or when you are taking a walk outside. The podcast is produced by firosolutions.com
Tech News
News
All content for Security Headlines is the property of Firo Solutions and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
DynaGuard Special
Security Headlines
56 minutes 36 seconds
4 years ago
In this episode of Security Headlines, we are joined by a great mind in the memory security space. A spark was created when Theofilos peeked into the realms of security. So he packed his bag and got on the next plane to the US in order to deep-dive more into the security field during his studies. He became fascinated by the world of writing exploits and "smashing the stack", as we say in the hacking field. He is a brilliant guy when it comes to memory attacks and he has co-written a solution that solves the stack canary problem.

We had the chance to sit down with Theofilos Petsios and get to hear his view on security, development and a lot more.

You can tune in right here:

Stack canaries are a security mitigation technique that has been widely adopted, and you will find them in most systems today. But do they really work?


Topics that we touch upon in this episode:

Stack canaries

Address space layout randomization

Blind Return Oriented Programming (BROP)

Return Oriented Programming

Static code analysis

Rest in peace Andrea Bittau

Security mitigations

Write XOR Execute (W^X)

DynaGuard

Where stack canaries fail and the operating systems' approach to it

Hardening systems

Where the future of security is going

CVEs over time

Memory corruption bugs

Built-in security in the compilers

Security vs overhead

Using memory in the thread-local storage

Adoption of security mitigations

Stack clash

Pin, Intel's dynamic binary instrumentation framework

Defense Advanced Research Projects Agency

Whitepapers and proofs of concept

Fuzzing

Building better security tools

Cost vs benefit in the security field

Switching from userspace to kernel space mitigations

Linters

Secure codebases

Formal verification

"Stack canaries is just one little stone, on the beach that keeps getting hit by big waves"




External links

https://twitter.com/theofilospe   

https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf

https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf

http://www.scs.stanford.edu/brop/   

http://www.scs.stanford.edu/brop/bittau-brop.pdf   

https://github.com/nettrino/DynaGuard    

https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html   

https://github.com/nezha-dt/nezha    

https://llvm.org/docs/LibFuzzer.html     

https://github.com/nettrino/vimconf  

https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

https://youtu.be/Er44ur7wkXQ?t=44

