Discussion:
Exploit Lecture: Writing FreeBSD Malware
grarpamp
2018-04-28 02:39:38 UTC

Without exploit mitigations and with an insecure-by-default design,
writing malware for FreeBSD is a fun task, taking us back to 1999-era
Linux exploit authorship. Several members of FreeBSD's development
team have claimed that Capsicum, a capabilities/sandboxing framework,
prevents exploitation of applications. Our in-depth analysis of the
topics below will show that in order to be effective, applying
Capsicum to existing complex codebases lends itself to wrapper-style
sandboxing. Wrapper-style sandbox is a technique whereby privileged
operations get wrapped and passed to a segregated process, which
performs the operation on behalf of the capsicumized process. With a
new libhijack payload, we will demonstrate that wrapper-style
sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
we'll talk about advances being made with libhijack, a tool announced
at Thotcon 0x4. The payload developed in the Capsicum discussion will
be used with libhijack, thus making it easy to extend. We will also
learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
framework places hooks into several key places in the kernel. We'll
learn how to abuse the MAC framework for writing efficient rootkits.
Attendees of this presentation should walk away with the knowledge to
skillfully and artfully write offensive code targeting both the
FreeBSD userland and the kernel.

https://twitter.com/lattera/status/989602709950029824

Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
distribution of FreeBSD. With over a decade in infosec, he dabbles in
both the offensive and defensive aspects of the industry. On the
advisory board for Emerald Onion, Shawn believes in a more free and
open Internet. His whole house is wired for Tor. Getting on the Tor
network is only a network jack away!

https://www.youtube.com/user/CarolinaConVideos/videos

CarolinaCon was started in 2005 and has been held every year since.
With each passing year the conference continues to grow and attract
more attendees and speakers. As has always been the case, CarolinaCon
is put together and run by an all-volunteer staff. CarolinaCon is
proudly brought to you by "The CarolinaCon Group". The CarolinaCon
Group is a non-profit organization registered in the state of NC,
dedicated to educating the local and global communities about
technology, information/network/computer security, and information
rights.

The CarolinaCon Group is also closely associated with various 2600
chapters across NC, SC, TN, VA, LA, DC, GA, PA and NY. Many of the
volunteers who help develop and deliver CarolinaCon come from those
chapters.
Yonas Yanfa
2018-04-28 15:52:50 UTC
Peter, who fucking cares if he wears a hat indoors? That's some
old-timey shit!

Can you even explain exactly why it's such a "basic human courtesy"?
Other than, "Because we've always done it that way........".

And to broadcast this for the entire mailing list...WTF MATE??

Welcome to 2018. His head, his rules!

#FreeTheHat #HatNazi #NoHatForYou!
Webb, next time when talking to any audience, remove your fucking hat.
That's basic human courtesy.
--
PG
Post by grarpamp
http://youtu.be/bT_k06Xg-BE
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-security
--
Yonas Yanfa
In Love With Open Source
Drupal <http://drupal.org/user/473174> :: GitHub
<http://github.com/yonas> :: Mozilla
<https://addons.mozilla.org/en-US/thunderbird/user/4614995/>
fizk.net | ***@fizk.net
Ralf Mardorf via freebsd-questions
2018-04-28 16:19:30 UTC
Wearing a cap for health reasons is ok, apart from that it's
churlish. I'm a rock musician, I don't care much about etiquette, but
I care much about respectfulness of others. There are reasons why we
don't wear a motorcycle helmet and sunglasses, if there is no need to do
that. We also don't use a smart phone, if we are in a discussion. Oh
wait, you are right, we are in 2018, indeed all those idiots are using
smart phones when being in a discussion, when being at work, when
having fun with friends, when crossing a road. However, these are just
ugly fashions. We don't know, perhaps the one talking to the audience
suffers from a disease, so we should be careful with admonitions.
Michael Sierchio
2018-04-28 17:10:12 UTC
Hey, guys -

We maintain a regulation alley behind the establishment, suitable for
settling disputes by any and all means.

If this is how you do foreplay, get a room. ;-)

- M

_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata