Stealing sudo sessions with ptrace

Hi people. Today we are going to take a deeper look at an old technique that I have been studying. It is an attack to get sudo in case someone else is connected to the same machine with the same user and has sudo unlocked. This technique was already documented by nongiach in the sudo_inject repository. However, that implementation requires several files and dependencies for the attack, so, in order to simplify it and learn about the technique, I have developed sudohunt. [Read More]

PUME: a tool to mutate Python source code

This article will explain what PUME (Python Universal Mutation Engine) is and how it works, and after that some examples of use will be given. Introduction: PUME is a tool that randomly modifies the source code of a program written in Python without changing its original features. This is mainly achieved by making modifications to the Abstract Syntax Tree (AST) of the program, but it should be noted that there is one modification that is made directly on the source code. [Read More]

Visual profiling in Python

Hey there! Today I bring a practical example of how we can analyze our Python programs to efficiently find bottlenecks. There's a lot of talk about how optimizations shouldn't be done blindly; instead, one should measure which parts of a program are problematic in order to improve the code's execution efficiently. Today we will see how to do that in a practical way. Flame Graphs: There are lots of ways to measure and visualize the behavior of a program. [Read More]

Quick math on the terminal

Hey there! Just this past week I stumbled on an HN comment from 2019. The commenter was fiddling with some scripts to perform some simple math directly on the (bash) terminal. TLDR: Click here to go to the code and skip the backstory. What the commenter proposed was something like this, based on the dc command (comments are mine).

    $ .            # Load functionality
    $ * 4 5        # Multiply 4 and 5
    20
    $ / 21 3       # Divide 21 by 3
    7

This sounded interesting. [Read More]

Using libfuzzer in autotools compiled projects

Hey there. These days I've been playing with libfuzzer, a tool that comes with the clang compiler and that allows us to fuzz a program compiled with clang. Fuzzing consists of passing (pseudo-)random data as program input and checking whether that breaks the program. To do this with libfuzzer, it is required to define in the program a function called LLVMFuzzerTestOneInput that accepts a buffer of bytes as its argument. Then libfuzzer will call this function in a loop with different data. [Read More]

Tricks to improve console programs usability

Hi folks. In this post I am going to present some tricks that, in my experience, greatly improve the usability of console programs. I write them down here so I don't forget them, and in the hope that they can be useful to other people. The key is to make the programs simple, which normally is not as easy as it sounds, but I hope these tricks will help you to achieve that. [Read More]

Virus and Python

This post will explain several issues that come up when trying to understand how a virus works. First, it will explain what a virus is and what its life cycle looks like. Then the main techniques for detecting a virus will be outlined. After that, the main anti-antivirus techniques will be discussed. Next, it will be explained how a virus works by providing code examples, and finally various enhancements and protections will be added so that it cannot be detected by signature. [Read More]

Heap analysis with radare2

Hi everyone. In this post, I'm going to show you how radare2 can be used to perform heap analysis in glibc. My purpose is to create a reference with examples that shows what can be done in radare2. I do this because I haven't found much information about this on the Internet, only the heap module presentation given by n4x0r at r2con 2016. However, I prefer text, so I'll write the commands here with examples, ready to be consulted and copy-pasted. [Read More]
pwn  heap  radare2