Wednesday, January 30, 2013

File Access and File Permissions

In C there are two main ways to access files. The first is through file descriptors, which use a set of low-level I/O functions. The second is through filestreams which is a higher-level way to access that is based on the lower-level functions. The file descriptors are more direct to program. A file descriptor is represented as a number that is used to reference open files. 

When a file is newly created, permissions can be set for different groups. There are three different groups that permissions can be turned on and off for: user, group, and other. The description of these groups are pretty straightforward. 'User' refers to the permissions the owner has, 'group' refers to the permissions a specified group has, and 'other' refers to the permissions everyone else has. Each user on a Unix system has a unique ID that is associated with them. This makes it possible to keep track of which permissions particular users can have. 
Posted by at No comments:

Memory Segmentation

A program's memory are divided up into five different segments. The text segments are where the program's assembled machine language instructions are stored. The text segment has read-only permissions. If someone  attempts to write in this segment of memory, the program will terminate. Data and bss segments both store the variables in a program. The data segment stores initialized variables while the bss segment stores unitialized variables. The heap segment is the segment of memory that the programmer can actually control. This segment allows the user to reserve or free memory as he or she sees fit. The fifth segment is the stack segment. This segment temporarily stores local variables when a particular function is called.
Posted by at No comments:

Tuesday, January 29, 2013

Basic Programming

The primary higher level language that will be focused on in the book is C. I have had previous experience with java, and I can see many similarities in the syntax of the two languages. They use the same arithmetic and comparison operators. Also, they use the same loop logic and if-else statements. One capability of C that java doesn't have are pointers. Pointers can be used as variables, but instead of actually defining a variable, pointers instead point to a particular piece of data of that variable type.
Posted by at No comments:

Tuesday, January 22, 2013

Resources Used


  1. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson       (Amazon Link)
  2. Google's Web Application Exploits and Defenses                         (Section Link)
  3. OWASP                                                                                   (OWASP Link)
Posted by at No comments:

Tentative Schedule

  • 1/30/2013 - Complete the Programming section of: Hacking: The Art of Exploitation
  • 2/6/2013 - Complete the Exploitation section of:  Hacking: The Art of Exploitation
  • 2/13/2013 - Complete the Networking section of:  Hacking: The Art of Exploitation
  • 2/20/2013 - Complete the Shellcode section of:  Hacking: The Art of Exploitation
  • 2/27/2013 - Complete the Countermeasures section of:  Hacking: The Art of Exploitation
  • 3/6/2013 - Complete the Cryptology section of:  Hacking: The Art of Exploitation
  • 3/13/2013 - Complete the Cross-Site Scripting course of Google's Web Application Exploits and Defenses 
  • 3/20/2013 - Complete the Client-State Manipulation and Cross-Site Request Forgery courses of Google's Web Application Exploits and Defenses 
  • 3/27/2013 - Complete the Cross-Site Script Inclusion and Path Traversal courses of Google's Web Application Exploits and Defenses 
  • 4/3/2013 - Complete the Denial of Service and Code Execution courses of Google's Web Application Exploits and Defenses 
  • 4/10/2013 - Complete the Configuration Vulnerabilities course of Google's Web Application Exploits and Defenses 
  • 4/17/2013 - Complete the AJAX Vulnerabilities and Other Vulnerabilities courses of Google's Web Application Exploits and Defenses 
  • 4/23/2013 - Create some demo videos of some of the concepts learned throughout the semester
Posted by at No comments:

Saturday, January 19, 2013

Introduction

This semester I will be gaining familiarity with a few concepts and techniques pertaining to ethical hacking. I plan on achieving this by reading and going through exercises in "Hacking: The Art of Exploitation, 2nd Edition," by Jon Erickson. Along with this book, I will be making use of the exercises found in  Google's Code University section, Web Application Exploits and Defenses. Topics that will be covered include the learning of C, assembly language, cross-site scripting, client-state manipulation, path traversal, denial of service, altering a server's logging behavior, and redirecting network traffic.
Posted by at No comments:
Subscribe to: Posts (Atom)