Archive for March, 2021

TypeScript: “Typescript is a superset of Javascript”

https://www.typescriptlang.org/docs/handbook/intro.html

https://arxiv.org/pdf/1708.08021.pdf

http://www-personal.umich.edu/~jeannin/papers/inference.pdf

https://openjdk.java.net/projects/amber/LVTIFAQ.html

https://stackoverflow.com/questions/64649356/typescript-make-an-optional-property-required-when-another-property-is-present/64649472#64649472

https://stackoverflow.com/questions/65373469/rxjs-merge-when-previous-stream-receives-first-value/65373895#65373895

https://stackoverflow.com/questions/65547781/is-there-a-way-to-loop-an-observable-and-use-the-previous-iteration-to-influence/65547994#65547994

https://stackoverflow.com/questions/53449020/typescript-type-inference-from-type-parameters?rq=1

facebook/flow: Adds static typing to JavaScript to improve developer productivity and code quality:

https://github.com/facebook/flow

https://flow.org/

https://github.com/raquo/facebook-flow-examples

https://github.com/flowtype/flow-bin

https://app.pluralsight.com/course-player?courseId=eaad1462-10f8-4d7d-9bd9-de0b3cbbcfa5

https://angular.io/guide/security

JavaScript, and the difficulties its dynamic typing creates for Chrome:

https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Web Workers: the technologies behind them, and why exploit writers like them

Reading this:

https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Let’s explore what Web Workers are:

http://examiningeverything.com/using-javascript-web-workers-for-asynchronous-tasks/

https://thecodersblog.com/web-worker-and-implementation/

Their event model in the browser:

https://medium.com/@siobhanpmahoney/a-brief-introduction-to-web-workers-e5d6e39d9d28

https://blog.logrocket.com/real-time-processing-web-workers/

https://news.ycombinator.com/item?id=19265701

https://sweetcode.io/why-service-workers-are-a-threat-to-modern-browsers/

https://portswigger.net/daily-swig/the-service-worker-hiding-in-your-browser

https://blogs.akamai.com/sitr/2020/01/abusing-the-service-workers-api.html

https://dev.to/spukas/intro-to-web-workers-and-multithreading-53n5

https://owasp.org/www-pdf-archive/ASDC12-DOMJacking_Attack_Exploit_and_Defense.pdf

https://www.w3schools.com/html/html5_webworkers.asp

https://medium.com/young-coder/a-simple-introduction-to-web-workers-in-javascript-b3504f9d9d1c

https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API

https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers

What happens when afl-gcc is used for compilation?

In AFL, afl-gcc is used to compile the C program so that it is instrumented for fuzzing.

How is this instrumentation done?

For a start, the source code for afl-gcc.c is here:

https://github.com/mirrorer/afl/blob/master/afl-gcc.c

To answer this question, compile with afl-gcc and look at the processes it creates (ps output captured during the build):

root 28938 17612 0 03:58 pts/2 00:00:00 gcc server.c -B /usr/local/lib/afl -g -O3 -funroll-loops -D__AFL_COMPILER=1 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1

root 28940 28938 0 03:58 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -imultilib . -imultiarch x86_64-linux-gnu -D __AFL_COMPILER=1 -D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 server.c -quiet -dumpbase server.c -mtune=generic -march=x86-64 -auxbase server -g -O3 -funroll-loops -fstack-protector -o /tmp/ccgRShVr.s

root 28982 28938 0 03:58 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/collect2 --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccERGpVK.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

root 28983 28982 0 03:58 pts/2 00:00:00 /usr/bin/ld --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccERGpVK.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

For another snapshot:

root 32068 17612 0 04:03 pts/2 00:00:00 gcc server.c -B /usr/local/lib/afl -g -O3 -funroll-loops -D__AFL_COMPILER=1 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1

root 32071 32068 0 04:03 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -imultilib . -imultiarch x86_64-linux-gnu -D __AFL_COMPILER=1 -D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 server.c -quiet -dumpbase server.c -mtune=generic -march=x86-64 -auxbase server -g -O3 -funroll-loops -fstack-protector -o /tmp/ccHGsB6v.s

root 32102 32068 0 04:03 pts/2 00:00:00 /usr/local/lib/afl/as --64 -o /tmp/ccRIBVNJ.o /tmp/ccHGsB6v.s

root 32103 32102 0 04:03 pts/2 00:00:00 as --64 -o /tmp/ccRIBVNJ.o /tmp/.afl-32102-1614398589.s

root 32110 32068 0 04:03 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/collect2 --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccRIBVNJ.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

root 32112 32110 0 04:03 pts/2 00:00:00 /usr/bin/ld --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccRIBVNJ.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

Now look at the same compilation stage by stage:

First, gcc is invoked (by afl-gcc, which adds the -B /usr/local/lib/afl flag and the AFL defines to the command line):

root 44966 17612 0 04:03 pts/2 00:00:00 gcc server.c -B /usr/local/lib/afl -g -O3 -funroll-loops -D__AFL_COMPILER=1 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1

Then gcc invokes cc1, the compiler proper, to generate the assembly file:

root 44969 44966 0 04:03 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -imultilib . -imultiarch x86_64-linux-gnu -D __AFL_COMPILER=1 -D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 server.c -quiet -dumpbase server.c -mtune=generic -march=x86-64 -auxbase server -g -O3 -funroll-loops -fstack-protector -o /tmp/ccAac4Vm.s

This is where afl-as (symlinked as “as” in /usr/local/lib/afl during AFL installation, and found first by gcc because of the -B /usr/local/lib/afl flag) rewrites the assembly program into an instrumented assembly program:

root 44996 44966 0 04:03 pts/2 00:00:00 /usr/local/lib/afl/as --64 -o /tmp/ccymy8Ck.o /tmp/ccAac4Vm.s

Then the system assembler “as” is invoked on the instrumented listing (/tmp/.afl-44996-1614398600.s) to produce the object file:

root 44997 44996 0 04:03 pts/2 00:00:00 as --64 -o /tmp/ccymy8Ck.o /tmp/.afl-44996-1614398600.s

Then gcc calls “collect2”, its linker driver (https://gcc.gnu.org/onlinedocs/gccint/Collect2.html#:~:text=GCC%20uses%20a%20utility%20called,indicating%20they%20are%20constructor%20functions.):

root 45004 44966 0 04:03 pts/2 00:00:00 /usr/lib/gcc/x86_64-linux-gnu/4.6/collect2 --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccymy8Ck.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

Then collect2 (its parent, as the PIDs show) invokes ld to link the object files into the executable:

root 45005 45004 0 04:03 pts/2 00:00:00 /usr/bin/ld --sysroot=/ --build-id --no-add-needed --as-needed --eh-frame-hdr -m elf_x86_64 --hash-style=gnu -dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.6/crtbegin.o -L/usr/local/lib/afl -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.6/../../.. /tmp/ccymy8Ck.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-linux-gnu/4.6/crtend.o /usr/lib/gcc/x86_64-linux-gnu/4.6/../../../x86_64-linux-gnu/crtn.o

We can conclude the following sequence of events:

1. gcc is called by afl-gcc to compile the C program.

2. An assembly program listing is generated during compilation.

3. This assembly program is then rewritten by afl-as to insert coverage-collection code, mainly at the start of every function and after every conditional branch. The instrumentation trampoline to be inserted is defined in afl-as.h, and the insertion is done by afl-as.c.

4. Then afl-as calls the system assembler to assemble the instrumented program into object code, which the linker later combines into the executable.
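To make step 3 concrete, here is an added example that is not code from AFL or from this post. It mimics only where afl-as places its coverage stubs on a constructed GCC-style x86-64 listing: after each function label, after each conditional jump, and after each local `.L<n>` branch-target label (afl-as instruments those too, which goes slightly beyond the description above). The sample listing, the stub body, the `__afl_maybe_log_stub` symbol and the location ids are all placeholders; the real trampoline in afl-as.h calls `__afl_maybe_log`.

```python
"""Simplified model of AFL-style assembly instrumentation (added example).

Not afl-as.c itself: it only mimics *where* afl-as inserts its coverage
trampoline on a GCC-style x86-64 listing, so the rewrite step between
cc1 and the real assembler can be seen end to end.  SAMPLE_S, the stub
body and __afl_maybe_log_stub are constructed placeholders.
"""
import random
import re

# Labels afl-as instruments inside .text:
#   - a function label such as `main:` (no leading dot)
#   - a GCC local branch target such as `.L3:` (dot, L, digits only)
# Other .L labels (.LFB0, .LFE0, .LC0, ...) are debug or constant markers.
FUNC_LABEL = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*:")
LOCAL_LABEL = re.compile(r"^\.L\d+:")
# Conditional jumps (jcc); the unconditional `jmp` is excluded by the lookahead.
COND_JUMP = re.compile(r"^\s+j(?!mp\b)[a-z]{1,4}\b")
# Section switches decide whether instrumentation is allowed at all.
SECTION = re.compile(r"^\s*\.(text|data|bss|section)\b(.*)")

# Constructed GCC-style listing for a tiny `main` with one branch.
SAMPLE_S = (
    '\t.file\t"server.c"\n'
    "\t.text\n"
    "\t.globl\tmain\n"
    "\t.type\tmain, @function\n"
    "main:\n"
    ".LFB0:\n"
    "\tcmpl\t$0, %edi\n"
    "\tjle\t.L2\n"
    "\tmovl\t$1, %eax\n"
    "\tjmp\t.L3\n"
    ".L2:\n"
    "\tmovl\t$0, %eax\n"
    ".L3:\n"
    "\tret\n"
    ".LFE0:\n"
    "\t.size\tmain, .-main\n"
    "\t.section\t.rodata\n"
    ".LC0:\n"
    '\t.string\t"hello"\n'
    "\t.data\n"
    '\t.ident\t"GCC: 4.6"\n'
)


def coverage_stub(loc_id):
    """Placeholder for the trampoline in afl-as.h: the real one saves flags and
    registers, loads a random per-location id into %rcx and calls
    __afl_maybe_log, which updates the shared coverage bitmap."""
    return (
        f"\t# --- AFL-style coverage stub, location id 0x{loc_id:04x} ---\n"
        f"\tmovq\t$0x{loc_id:04x}, %rcx\n"
        "\tcall\t__afl_maybe_log_stub\n"
    )


def instrument(asm_text, seed=0):
    """Return (instrumented listing, number of stubs inserted).

    `seed` fixes the location ids so two runs give identical output; afl-as
    draws them from a random source, but the placement logic is the same.
    """
    rng = random.Random(seed)
    out = []
    in_text = True   # GCC opens with .text; non-text sections switch this off
    count = 0
    for line in asm_text.splitlines(keepends=True):
        out.append(line)
        m = SECTION.match(line)
        if m:
            name, rest = m.groups()
            in_text = name == "text" or (name == "section" and ".text" in rest)
            continue
        if not in_text:
            continue
        if FUNC_LABEL.match(line) or LOCAL_LABEL.match(line) or COND_JUMP.match(line):
            # Stub goes *after* the label (block entry) or *after* the jcc
            # (fall-through path), which is where afl-as places it.
            out.append(coverage_stub(rng.randrange(1 << 16)))
            count += 1
    return "".join(out), count


if __name__ == "__main__":
    listing, n = instrument(SAMPLE_S)
    print(listing)
    print(f"{n} locations instrumented")
```

Running it on SAMPLE_S inserts four stubs (`main:`, `jle`, `.L2:`, `.L3:`) and leaves `.LFB0:`, the `jmp`, and everything in `.rodata` and `.data` untouched, which matches the rule that only real control-flow edges in `.text` get a bitmap update.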

References:

https://gcc.gnu.org/onlinedocs/gccint/index.html#toc-Link-Time-Optimization

Cybersecurity Podcasts Collections

https://digitalguardian.com/blog/best-information-security-podcasts

Google Cybersecurity Podcast:

https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz?sa=X&ved=0CAIQ9sEGahcKEwig25f5kqjvAhUAAAAAHQAAAAAQAw

https://cybernews.com/security/best-cybersecurity-podcasts/

https://solutionsreview.com/identity-management/twenty-cybersecurity-podcasts-you-should-be-listening-to/

67 cybersecurity podcasts:
https://infosec-conferences.com/cybersecurity-podcasts/

https://www.securitydegreehub.com/best-cybersecurity-podcasts/

How to build a web app with separate frontend and backend processing pipelines

https://blog.miguelgrinberg.com/post/how-to-create-a-react--flask-project

This is how frontend and backend HTTP processing is split between two components.

It is also the kind of layered setup in which HTTP request smuggling can occur.

Now learning about ReactJS:

https://create-react-app.dev/docs/getting-started/

https://reactjs.org/docs/create-a-new-react-app.html

https://reactjs.org/tutorial/tutorial.html

https://developer.okta.com/blog/2018/12/20/crud-app-with-python-flask-react

https://create-react-app.dev/
