Posts Tagged Under: attack

A Printf’s Chink in the Door

There is a rich history of programming exploitation which makes use of the insecurity of the C memory model. To counteract the threats of memory corruption attacks, several techniques have been implemented. The problem still remains though, and since the programmer is responsible for making all the checks, even the most restrictive protection schemes have their limitations.

Radu is a Junior C/C++ software engineer on the Hubgets Core team. Since memory corruption attacks are something every programmer should be aware of, he came up with the idea of writing the current article, where he explains how some of these memory corruption attacks may happen, indicating a set of solutions that are presently applied to prevent them. You’ll also find a series of tips on how, under specific circumstances, one can use printf to inject instructions even under stiff security constraints.

Read More

Can Web Security Be Fun?

Security is a big issue for all developers when writing code. Any senior web engineer is familiar with common security problems like SQL injections, XSS vulnerabilies, LFI, Session poisoning, just to name a few.

We are not going to get into these right now since the web is already full of resources describing how much damage they can do and how to avoid the danger. We all know what they are made of and how they work.

Read More