Now that finals are over I can FINALLY return to writing like I promised you all a billion times. With that in mind, let’s look at a book I picked up for my security class, Exploiting Software: How to Break Code. But does the book hold up to the badass name behind it?
Sorry about the incredible lack of posting lately. Have had too much time drained by a particularly nasty homework assignment. Now that it’s out of the way, I will hopefully return to the ‘regular’ posting schedule until the next vicious assignment comes up. For you masochists at home who have 20 hours to spare, here’s the specs for it from my teacher’s site:
While toiling over encrypting data between Ruby and Python via SOAP, I am hopelessly reminded of the Law of Leaky Abstractions:
All non-trivial abstractions, to some degree, are leaky.
For those not familiar with the original article, the idea is something like this: abstractions are great and wonderful and hide enough complexity from you that you can actually get some useful work done. But since nothing is perfect, every abstraction has some point where it breaks down and can become a pain in the ass. For example…
While reading new books for my security class, I stumbled upon a very well-thoughtout, well-explained article on how buffer overflows / stack overflows work. It’s got cool nerdy pictures and code along with it. And the best part is…it’s got assembly code! Yay! How long has it been since you’ve seen assembly code? Have you actually seen assembly code?
Smashing the Stack for Fun and Profit by Aleph One
Back in my undergrad days they taught us about the fun times of Pep/7, a language similar to assembly used to teach…assembly. It turns out to be surprisingly similar to x86, and once you know one you end up with a great handle on the other. But it seems there are not any links to it from Google, so you’re on your own if you want to dig it up and use it.
In having to research libnet and libpcap, I’ve found that there aren’t really a whole lot of great resources on them. But for those who, like me a week ago, have no idea what these things are, some clarification is helpful. Libnet is the standard packet construction library for C, which can be used to make TCP and UDP packets, amongst others. Libpcap does the opposite: it captures packets off the network. And now that you know the tools I need to pick up in a short amount of time, let’s talk about the resources I eventually found.