Building Your Own Clang LibTool: A Step-by-Step Tutorial

Technically, Clang receives an Abstract Syntax Tree (AST), built by the Clang Parser (clang/Parse/*), not the input C/C++ code (although the Parser is part of the Clang code base). There is obviously a Lexer in between, but neither the Lexer nor the Parser is our focus in this tutorial. Clang is responsible for converting the AST to LLVM…

Research Review: Type Confusion Attack

HexType: Efficient Detection of Type Confusion Errors for C++
Link: https://dl.acm.org/citation.cfm?id=3134062
Source Code: https://github.com/HexHive/HexType
Summary: In a typed programming language, typecasting is a common phenomenon. With the object-oriented programming paradigm, this feature turns into a dangerous attack surface. When a derived class object is cast to a parent class object (upcast), it is usually safe, considering the parent class…

Research Review: Memory Bound Protection

Stack Bounds Protection with Low Fat Pointers
Link: https://www.comp.nus.edu.sg/~gregory/papers/ndss17stack.pdf
Source Code: https://github.com/GJDuck/LowFat
Summary: This research work is an extension of another work by the same authors (heap bounds protection with low-fat pointers). The concept of low-fat pointers originated in that previous paper, and they describe it in detail here too. The basic concept of low-fat pointers is: use the pointer memory itself to…

System and Software Security Research Conference

Several conferences focus on security, including top-tier and flagship events, where publishing your work should be a priority. Additionally, individual top-tier systems and software conferences can also be good choices for publishing your research. I have categorized the conferences accordingly:
Top-tier Security Conference
* IEEE Symposium on Security and Privacy (S&P/Oakland)
* ACM Computer and Communications Security (CCS)
* USENIX…

Research Review: Exploit Generation

Block Oriented Programming: Automating Data-Only Attacks
Link: https://dl.acm.org/citation.cfm?id=3243739
Source Code: https://github.com/HexHive/BOPC
Summary: Vulnerable software with an active defense system (e.g. Control-Flow Integrity, Shadow Stack, Address Space Randomization, etc.) is hard to exploit. Control Flow Integrity (CFI) restricts execution to valid control flows, although because of the imprecise control flow graph (CFG), a coarse-grained CFI system allows…

SVF: Interprocedural Static Value-Flow Analysis in LLVM

SVF is a static analysis framework implemented in LLVM that allows value-flow construction and pointer analysis to be performed in an iterative manner (sparse analysis: analysis conducted in stages, from an overapproximate analysis to a precise, expensive one). By default it uses points-to information from Andersen's analysis and constructs an interprocedural memory SSA (Static Single Assignment) form where…

Research Review: Information Leak

k-hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces
Link: http://web.cse.ohio-state.edu/~lin.3021/file/CCS18.pdf
Source Code: https://github.com/GoSSIP-SJTU/k-hunt
Summary: It would be useful for attackers if they could identify the memory location where an application stores its cryptographic keys. It is even more useful to do taint analysis for various purposes (e.g. identifying whether a key is insecure). This research uses…

Road Trips Summer’19: Florida ↔ California

In summer 2019, I went to Silicon Valley for my internship at Baidu USA. I decided to make a road trip with my 2005 Nissan Altima. All alone, the trip was awesome and adventurous. To Silicon Valley To Florida State

Overwrite GOT Entry from Buffer Overlapping

Problem description
First of all, the CTF is from pwnable.kr (problem name: passcode). The problem description is as follows:
"Mommy told me to make a passcode based login system. My initial C code was compiled without any error! Well, there was some compiler warning, but who cares about that?"
There is ssh access to the problem server where you…