richinseattle

Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.

We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".

Note: The stable patches for Linux 3.14.x and 3.2.x are no longer publicly available, so we'll apply the free 4.2.x (test) patch. The test patch follows the current upstream kernel and is re-issued often, so the URLs and filenames in this document may be outdated; fetch the latest patch from grsecurity.net and the exactly matching kernel release from kernel.org.

Install dependencies:
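The general flow this gist describes, written out as an added shell example (not the gist's own steps, which are cut off above): fetch a kernel release and the grsecurity patch built for that exact release, check that the two versions agree before touching anything, verify both detached signatures, apply the patch, configure, and build Debian packages. The version numbers, patch filename format (grsecurity-3.1-4.2.5-YYYYMMDDHHMM.patch), the Debian package list and the kernel.org URL path are assumptions following the naming in use at the time; the patch and its `.sig` are assumed to have been downloaded from grsecurity.net into the working directory already.

```shell
#!/bin/sh
# Added example, not the gist's own code. Version numbers, filenames, URL paths
# and the package list are assumptions; check grsecurity.net and kernel.org.
set -eu

# Kernel version a grsecurity patch was generated against, taken from its name
# (grsecurity-3.1-4.2.5-201510290852.patch -> 4.2.5). Fails on any other name.
patch_kernel_version() {
    name=${1##*/}
    ver=$(printf '%s\n' "$name" | sed -E 's/^grsecurity-[0-9]+\.[0-9]+-([0-9]+\.[0-9]+(\.[0-9]+)*)-[0-9]+\.patch$/\1/')
    [ "$ver" != "$name" ] || return 1
    printf '%s\n' "$ver"
}

# Kernel version from a kernel.org tarball name (linux-4.2.5.tar.xz -> 4.2.5).
tarball_kernel_version() {
    name=${1##*/}
    ver=$(printf '%s\n' "$name" | sed -E 's/^linux-([0-9]+\.[0-9]+(\.[0-9]+)*)\.tar\.(xz|gz)$/\1/')
    [ "$ver" != "$name" ] || return 1
    printf '%s\n' "$ver"
}

# A grsecurity patch applies cleanly only to the exact upstream release it was
# made for, so refuse a mismatch up front instead of discovering rejects later.
check_versions() {
    pv=$(patch_kernel_version "$1") || return 1
    tv=$(tarball_kernel_version "$2") || return 1
    [ "$pv" = "$tv" ]
}

# kernel.org signs the uncompressed tarball (linux-X.tar.sign); grsecurity ships
# a .sig next to the patch. Both signing keys must already be in the keyring.
verify_sources() {
    tarball=$1 patchfile=$2
    unxz --keep "$tarball"
    gpg --verify "${tarball%.xz}.sign" "${tarball%.xz}"
    gpg --verify "$patchfile.sig" "$patchfile"
}

# Whole flow: dependencies, fetch, verify, patch, configure, build .deb packages.
build_grsec_kernel() {
    kver=$1 patchfile=$2
    tarball="linux-$kver.tar.xz"
    check_versions "$patchfile" "$tarball"
    # Assumed Debian 8 package list; grsecurity needs the gcc plugin headers
    # (assumed gcc-4.9-plugin-dev on jessie) for its PaX/constify gcc plugins.
    apt-get install -y build-essential libncurses5-dev bc fakeroot xz-utils gcc-4.9-plugin-dev
    wget "https://cdn.kernel.org/pub/linux/kernel/v4.x/$tarball" \
         "https://cdn.kernel.org/pub/linux/kernel/v4.x/${tarball%.xz}.sign"
    verify_sources "$tarball" "$patchfile"
    tar -xf "${tarball%.xz}"
    cd "linux-$kver"
    patch -p1 < "../$patchfile"
    # Start from the running kernel's config, then turn grsecurity on under
    # "Security options" (CONFIG_GRKERNSEC) in menuconfig.
    cp "/boot/config-$(uname -r)" .config
    make olddefconfig
    make menuconfig
    make -j"$(nproc)" deb-pkg
}
```

With the patch and its `.sig` in the working directory and the two signing keys imported, `build_grsec_kernel 4.2.5 grsecurity-3.1-4.2.5-201510290852.patch` produces `../linux-image-*.deb` to install with `dpkg -i`. The version check is the part worth keeping even if the rest of the flow changes: a patch for 4.2.6 against a 4.2.5 tree will partly apply and leave a tree that builds but is not what grsecurity tested.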

@richinseattle
richinseattle / gist:044b50440b7778d6c6ab0e174d05bfe8
Created December 27, 2016 06:04
moflow-0.8 slicer/run_demo.sh expected output
./run_demo.sh
Build demo binary..
gcc -m32 demo.c -o demo
Tracing taint propagation in demo vuln binary with pintool..
Logging initially enabled: 0
Code cache limit is 0
Starting program
This is modload()
@richinseattle
richinseattle / gist:69affc0f05fae0c60ca612d3e078dd2d
Last active May 25, 2019 11:57
Harnessing Intel Processor Trace on Windows for Vulnerability Discovery
Richard Johnson
Biography
Richard Johnson is a computer security specialist with a focus on software
vulnerability analysis. Currently the Research Technical Lead of Talos Group
for Cisco, Richard offers 15 years of expertise and leadership in the software
security industry. Current responsibilities include research and development of
advanced fuzzing and crash analysis technologies facilitating the automation of

Vulnerability Discovery and Triage Automation Training

Richard Johnson

Jan 11, 2017

Overview

#include <Windows.h>
#include <time.h>
#include <string>
using namespace std;
// Windows-specific DR7 bits: the kernel copies DR7 bit 8 (0x100) and bit 9
// (0x200) into IA32_DEBUGCTL.LBR and .BTF when restoring a thread's debug
// registers, so a user-mode thread can trap on taken branches, not every instruction.
#define BTF_FLAG 0x300
// EFLAGS.TF (bit 8): single-step trap, which BTF above turns into a branch trap
#define TRAP_FLAG 0x100
// Vectored exception handler that receives each EXCEPTION_SINGLE_STEP
LONG CALLBACK TraceCallback(LPEXCEPTION_POINTERS ex)
@richinseattle
richinseattle / rust self-tracing benchmark using DebugCtl.BTF.rs
Last active May 18, 2021 20:19
rust self-tracing benchmark using DebugCtl.BTF
#![feature(const_fn)]
// rust self-tracing benchmark using DebugCtl.BTF
extern crate winapi;
extern crate kernel32;
extern crate libc;
use std::time::Instant;
#include <stdio.h>
#include <ctype.h>
#ifndef HEXDUMP_COLS
#define HEXDUMP_COLS 16
#endif
void hexdump(void *mem, unsigned int len)
{
    unsigned int i, j; /* body below is a standard completion; the gist preview ends here */
    const unsigned char *p = mem;
    for (i = 0; i < len; i += HEXDUMP_COLS) {             /* one row per HEXDUMP_COLS bytes */
        printf("0x%06x: ", i);                            /* offset column */
        for (j = i; j < i + HEXDUMP_COLS; j++) { if (j < len) printf("%02x ", p[j]); else printf("   "); }
        for (j = i; j < i + HEXDUMP_COLS && j < len; j++) putchar(isprint(p[j]) ? p[j] : '.');
        putchar('\n');
    }
}
C:\code\radamsa>bin\libtest.exe
============= TEST: MEM TO MEM =============
virtualized radamsa_read(fd=3, buf=000000000118D180, count=2824)
requested: 2824 input_size: 64 input_index: 0 returned: 64
virtualized radamsa_read(fd=3, buf=000000000118D310, count=2760)
requested: 2760 input_size: 64 input_index: 64 returned: 0
// rust main skeleton
//
// references:
// error_chain: https://brson.github.io/2016/11/30/starting-with-error-chain
#![recursion_limit = "1024"]
#[macro_use]
extern crate error_chain;
// Create the Error, ErrorKind, ResultExt, and Result types
// note: other modules `use errors::*;` to get access to everything