adric: books icon (c) 2004 (Default)

Do you want to know more?

Want to learn more about memory analysis?

  • Install Volatility or grab SIFT VM
  • Get memory image samples from:
    • Volatility wiki:
    • HoneyNet:
    • Book:
  • Practice, practice, practice
    • Image your own hosts and analyze them
  • Write about what you find out!
Want to learn more about (web) application security?
  • Install proxy tools and browser plugins or get Samurai WTF
  • Get sample vulnerable web apps :
    • Samurai includes WebGoat, Mutillidae, and others
    • Google Gruyere:
    • BodgeIt Store :
    • Book: The Tangled Web :
    • Read, participate: OWASP:
  • Practice, practice, practice
    • Test your own apps in the lab
  • Write about what you find out!
Want to learn more about host forensics?
  • Get SIFT and FTK Imager (etc)
  • Get sample images and challenges:
    • HoneyNet Challenges:
    • EH Net Challenges:
    • Advanced Digital Corpora:
    • Book: File System Forensics Analysis:
  • Practice, practice, practice
    • Image your own hosts and analyze them
  • Write about what you find out!
Want to learn more about network monitoring, network forensics?
  • Get Security Onion and SIFT
  • Get some sample captures and logs:
    • /opt/samples in SecurityOnion
    • Wireshark's samples wiki :
    • (Network) Forensics Contest . com :
    • Advanced: Johannes packet challenges:
    • Book: Practice of NSM and samples :
  • Practice, practice, practice
    • Record, monitor, analyze your own networks
  • Write about what you find out!
Want to learn more about artifact analysis and reverse engineering malware?
  • Get REMnux and demos of IDA, Hopper. Download OllyDbg
  • Get some sample files:
    • Contagio :
    • VirusShare :
    • your inbox
    • Book: Practical Malware Analysis and exercises:
  • Practice, practice, practice
    • Dissect and analyze the files around you
  • Write about what you find out!


Comments appreciated. Live wiki doc is at

I worked through the lab assignment's questions and now need to convert this into a list of risks for others to critique. This was so much fun to write I wanted to hang onto it anyway, even as an intermediate product. My actual submission for class is below the cut.

1) The variable of lastname is input (optionally) in the wizard that runs on first program execution of OOo applications, modified in the Options dialogue of any OOo application, and used in every facet of the office suite.

2a) Undefined is a valid state for this variable, and any code path that uses the variable without checking for undef (or that checks incorrectly) will introduce errors into its functions. Additionally, too much data in this field would be dangerous to any code that uses it, due to the likelihood of buffer overruns, and unexpected characters or encoding in this field could lead to format string errors or exceptions in library string-handling code. If a non-character or non-string value can get into this field because of an input validation failure, then wholesale memory and stack corruption becomes a concern.

2b) Use of lastname, as well as the companion variables first name and initials, is widespread throughout the SUT applications. Beyond the dialogs which directly manipulate this value (new user wizard, Options), many other functions read this variable and incorporate it into interface displays (document properties) or include it in requests to other modules (printing). The name variables are included in various places in the document data saved to disk, both automatically and intentionally, including the document properties. If change tracking is enabled, a tag generated from the name variables and dates is displayed next to each change made by a particular user and recorded with version information in the document files. Perhaps most excitingly, the name variables are posted to Internet servers with registration information, allowing for the small possibility that an error related to this variable could affect not only systems that process the document but completely remote systems as well!

2bi) Lastname is used in (at least) many display functions in all parts of the SUT applications, change tracking functions, save/load functions, printing functions, macros, user preferences, data generating functions such as headers and footers, and online registration.

2bii) Values of lastname are displayed in numerous parts of the UI, in change-tracking feature's tags, inside saved documents (and temp/autosaved ones), and may be printed depending on settings for header/footer and cover pages.

2biii) Values of lastname are sent to the operating system as part of stored data about the user and document as well as to remote devices for printing (settings dependent) and to remote Internet servers with optional software registration. I'm unsure about how lastname values may be used in API calls and macros.

2biv) Values of lastname are sent to the operating system as part of stored data about the user (registry UserProfile.xcu) and document (meta.xml).

2bv) Values are read from the registry user profile files if available and may be input into the SUT via the first-run wizard or on demand with Options dialogs.

2c) Changes to the presence or boundedness (?) of last name during program operations could lead to corrupted data in memory, on disk, and displayed to users.

2cviii) Display of user data, document data or metadata could be impacted by incorrect information about the presence (undef), values (could change), or boundedness (wrong data type) of last name.

2cix) Boundary errors on lastname could influence other variable values in document metadata, document content, or application configuration leading to problems with these unrelated variables and functions. Gross misbehaviour on the part of lastname could completely corrupt XML program and document data structures rendering the document or preferences unreadable and thus broadly disrupting document or application functionality.

2cx) There are any number of cases where software errors could cause the value of lastname currently in memory and on disk (in the user registry or document) to become de-synched. This could lead to incorrect data being saved or printed. Some of these cases include local or remote file system errors, unaccounted-for 'races' with other OOo (or alien) processes running on either the SUT or the file storage device, or just faulty RAM.

2cxi) Lastname is optionally sent with registration information to remote Internet servers operated by the OOo project. A chained failure of input filtering or other unlikely occurrence could cause unexpected format, encoding, or sized lastname to be injected into the remote system and processed. It is not entirely far-fetched that this could lead to serious problems on the remote system(s) that receive and process the data such as a buffer overflow or SQL injection attack.

2cxii) Perhaps the most outlandish and unlikely risk is to the hardware of a printer that receives a document to print with malformed or corrupt lastname information in the cover page, headers, or document body. This could lead the printer to malfunction, develop sentience, or start making toast if enough failures chain together in just the right (wrong?) way.
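As an added illustration (not from the original post, nor OpenOffice.org's own code), here is a Python sketch of the checks risks 2a and 2cix call for: normalise undef, reject non-string, oversized or control-character values, and escape at the meta.xml boundary so a name cannot break the document's XML. MAX_LASTNAME and the element layout are assumptions.

```python
import unicodedata
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

MAX_LASTNAME = 64  # assumed bound; the page does not state OOo's real limit
DC_NS = "http://purl.org/dc/elements/1.1/"  # Dublin Core namespace used by meta.xml


def validate_lastname(value):
    """Return a safe str for lastname, or raise ValueError (risk 2a)."""
    if value is None:  # undefined is a valid state: normalise, don't crash
        return ""
    if not isinstance(value, str):  # non-string value: reject instead of coercing
        raise ValueError("lastname must be a string")
    value.encode("utf-8")  # lone surrogates / bad encoding raise UnicodeEncodeError
    if len(value) > MAX_LASTNAME:
        raise ValueError("lastname too long")
    if any(unicodedata.category(ch) == "Cc" for ch in value):
        raise ValueError("lastname contains control characters")
    return value


def lastname_problem(value):
    """Describe why value is unsafe as lastname, or None if it is acceptable."""
    try:
        validate_lastname(value)
    except ValueError as exc:
        return str(exc)
    return None


def creator_xml_naive(lastname):
    # The risky pattern: the raw value is concatenated straight into meta.xml.
    return f'<meta xmlns:dc="{DC_NS}"><dc:creator>{lastname}</dc:creator></meta>'


def creator_xml_safe(lastname):
    # Validate first, then escape &, < and > so markup in the name stays text.
    return (f'<meta xmlns:dc="{DC_NS}"><dc:creator>'
            f'{escape(validate_lastname(lastname))}</dc:creator></meta>')


def is_well_formed(xml_text):
    """True if the fragment parses; a corrupt meta.xml is unreadable (risk 2cix)."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    return True


def creator_from_meta(xml_text):
    """Round-trip: parse the fragment and return the dc:creator text."""
    creator = ET.fromstring(xml_text).find(f"{{{DC_NS}}}creator")
    return creator.text or ""
```

A name such as "Smith</dc:creator><evil/>" passes validation (no control characters, short enough) yet makes the naive fragment unparseable, which is why escaping at the XML boundary is needed in addition to validating the value.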

( Risks for OOo Last Name: a continuum of failure stretching towards disaster )

Hi everyone!

I am quite excited (and nervous) to be diving into a new BBST course after how much I learned from the previous ones (and how much work they were).

I'm a security analyst in a small business unit of a really large company and before that I was in IT as a system administrator and what all else.
Cheerfully enough I live within walking distance of the office and try to take advantage of that as often as weather permits.

I use testing techniques, especially those learned in BBST courses, in a lot of non-development software work including vulnerability assessment and configuration management. I have a sneaking suspicion there is a crossover between security analysis and software testing methodologies in my future careers ...

I like testing and automation tools because they support my scientific focus on dealing with computers and users both. I demand reproducibility and hooks for automation in, well, practically everything ... and not just at work. I've been heard to cry out "It's computer science, not computer superstition!" on occasion when reboots(!) are suggested as a solution** to a problem.

Outside of work or software even I read escapist fiction and nerdy non-fiction, watch some telly, bemoan how I'm not keeping up with my foreign language studies, crafting, or martial arts lessons, and then get distracted by video games, cats, or other humans.


** Workarounds they may be, but not a solution, and they destroy any hope of researching that instance of the problem...

March 2014

Page generated 28 June 2017 02:05 am
Powered by Dreamwidth Studios