Linux kernel mitigation checklist

We should treat security as a whole, just as the combination of PaX/Grsecurity features/code hardening builds up a defense-in-depth solution for the Linux kernel, a core piece of infrastructure we rely on heavily. PaX/Grsecurity is a set of security-hardening patches that brings Linux kernel security to another level. It would be of great value for the whole FLOSS community to benefit from it. KSPP (Kernel Self Protection Project) was started in Nov 2015 after a disclosure about Linux kernel security.

Shawn On system-security

Neutralize ME firmware on SandyBridge and IvyBridge platforms

A record of how I "neutralize" the ME firmware on my ThinkPad X220, in order to present the method.

Build debug environment for the dynamic linker of Glibc

Describes how to build a debug environment for the dynamic linker of Glibc, with some analysis details.

On Toolchains

(A/T/KT) - Sanitized GNU/Linux: a new way of bug hunter in FLOSS Community

This is an installation guide for enabling the userland address sanitizer and kernel sanitizer on Gentoo.

How to build Clang toolchains for Android

The following process is used to build the Clang that is used by both the Android platform and the NDK. This process is done in the AOSP tree.

zet On Toolchains

Understanding MIPS16 To MIPS32 Switching With Misfortune Cookie

TD-W8901N V2 is a new release of the ADSL router, superseding the previous V1, with the first version of its firmware published on 3rd Nov 2014. I expect it should have some remedies to rom-0 and misfortune cookie bugs. Let's have a look.

cawan On Embedded-Device-Security

Debian GNU/Linux security checklist and hardening

GNU/Linux has already become one of the most important fundamental elements of the *modern* IT platform. Almost every important application relies heavily on the core components of the GNU system: GCC, Glibc and the Linux kernel. GNU/Linux is totally free/libre and open source software (FLOSS). Many people think free/libre and open source software is secure because it is open to many eyes. Yes, that's true.

Shawn On GNULinux-Security

Patching ROM-0 Bug With Misfortune Cookie

This is a paper just for fun, especially for those embedded hackers who are looking for fun in tweaking embedded systems. So, this is not the proper solution to fix the ROM-0 bug; it is ridiculous to fix a bug with another bug. Anyway, let's start our fun now. From my previous paper, "Misfortune Cookie Demystified", it is clear we can perform arbitrary address overwrite with arbitrary data.

cawan On Embedded-Device-Security

Misfortune Cookie (CVE-2014-9222) Demystified

The misfortune cookie vulnerability has been around for a while, but there is still no public analysis that illustrates the technical details of the vulnerability. Those so-called "misfortune cookie scanners" are just simple scripts that retrieve the return string at path "/Allegro" as shown below.