Casey secdev02

Introduction

If you're reading this, chances are you have some idea of eBPF and XDP. In this article, we'll write an eBPF program that will count and categorize packets based on the destination port.

eBPF

Writing low-level tracing, monitoring, or network programs in Linux is not easy. Through all the layers of the kernel, people have been squeezing every bit of performance they could get.

And that's where eBPF comes in. eBPF is basically an extended and modern variation of BPF which is like a virtual machine inside the Linux kernel. It can execute user-defined programs inside a sandbox in the kernel.

These programs can be executed in various hook points but we will focus on XDP for now.

Original report

Affected Vendor: OpenPrinting
Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
Affected Version: All versions <= 2.0.1 (latest release) and master.
Significant ICS/OT impact? no
Reporter: Simone Margaritelli [[email protected]]
Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:

https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

	#include <stdio.h>
	#include <windows.h>

	// rpc command ids
	#define RPC_CMD_ID_OPEN_SC_MANAGER 27
	#define RPC_CMD_ID_CREATE_SERVICE 24
	#define RPC_CMD_ID_START_SERVICE 31
	#define RPC_CMD_ID_DELETE_SERVICE 2

	// rpc command output lengths

	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml -->
	<!-- Author: Casey Smith, Twitter: @subTee -->
	<!-- License: BSD 3-Clause -->
	<Target Name="Hello">
	<FragmentExample />
	<ClassExample />
	</Target>
	<UsingTask

	#!/usr/bin/env python3
	# Copyright 2024 Neil Madden.
	# License: https://creativecommons.org/licenses/by-sa/4.0/deed.en.

	# Like this? I do training courses & consultancy:
	# https://illuminated-security.com/

	import hashlib
	import math
	import os

	"""
	Bitcoin elliptic curve pub-key from priv-key in raw python, as dicusssed in the video

	https://youtu.be/RZzB-vPFYmo

	This is a follow-up to the previous video
	https://youtu.be/LYN3h5DjeXw

	This script is directly based off
	https://github.com/peterscott78/offline_signer/blob/master/ecdsa_keys.py

	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>Network Explorer</title>
	<script src="https://cdnjs.cloudflare.com/ajax/libs/d3/7.8.5/d3.min.js" integrity="sha512-M7nHCiNUOwFt6Us3r8alutZLm9qMt4s9951uo8jqO4UwJ1hziseL6O3ndFyigx6+LREfZqnhHxYjKRJ8ZQ69DQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
	<style>
	body { margin: 0; overflow: hidden; font-family: Arial; background: #f0f0f0; }
	.node {
	stroke: #fff;

	var bitcoin = require("bitcoinjs-lib");
	var request = require("request");

	//push transaction
	function pushTX(pload, callback){
	request({
	url: "https://api.blockcypher.com/v1/btc/main/txs/push",
	method: "POST",
	json: true,
	headers: {"content-type": "application/json"},

	require 'btcruby'
	require 'bitcoin'
	require 'active_support'
	require 'active_support/core_ext'
	require 'ffi'

	# Creation of Witness Script: here a 2-of-2 multisig as an example

	@public_key = "02530c548d402670b13ad8887ff99c294e67fc18097d236d57880c69261b42def7"
	@user_key = BTC::Key.new(public_key:BTC.from_hex(@public_key))