Irene Díez

Hardening binaries (VI) – Format Strings

Although vulnerabilities caused by improper use of format strings may not seem like a theme of the last century, a small search in the CVE database shows us that these errors are still happening. The danger of format string is given

Hardening binaries (VI) – RELRO

In this post we are going to talk about two options that can happen to the linker to make certain sections of our executable more secure: -Wl, -z, relro, -z, now. When a program calls a function not defined in

Hardening binaries (V) – UBSan

The indefinite behavior in C / C ++ is caused when there are no restrictions on the program behavior; which means, when the standard does not specify what the implementation should do, it is free to do what it seems,

Hardening binaries (IV) – VTV

In the previous post of this series we discussed how Google had included Asan in GCC to detect memory corruption errors. Virtual-Table Verification (VTV) is another option of GCC (> 4.9) developed by Google to try to prevent attacks that

Hardening binaries (III) – ASan

In previous posts we’ve talked about GCC options that make our executable safer , in this posts we present compilation options that generate reports, warning of errors in the code. AddressSanitizer (Asan) is an option for Clang (> = 3.1) and GCC (> =

Hardening binaries (II) – PIE

Following the classic compilation options of GCC to try to have more robust binary, in this post we will discuss the options and -fPIE -fpie that allows to compile executable as “Position Independent Executables” and makes their sections to be loaded in random

Hardening binaries (I) – The stack

Among the many options of GCC, some of them are specifically made to make our binaries much more robust against memory corruption techniques. Stack protection techniques try to prevent contiguous blocks of memory, caused by a buffer overflow, which may

Hackobot, hunting suspects

The cyber-terrorist threats take more importance every day .Therefore, many countries are developing their defense on two fronts: the classic front border, planes and soldiers; and cyberspace. Based on this premise, we develop Hackobota year ago, a project in collaboration with

Hack all the things

The movement of Internet of Things ,IOT in the acronym, is becoming increasingly booming. This movement, walking hand in hand with the philosophy Do-It-Yourself (DIY) has led to a proliferation of projects based on open-hardware, using Arduino, BeagleBoard, Raspberry Pi