ELF caves: hiding in the corner

During exploitation of ELF binaries, it is quite common that one needs to find a writable memory region: a writable “cave”. In this post I’ll present two generic techniques to find such caves, without the need to reverse engineer the target binary.

Continue reading “ELF caves: hiding in the corner”

Advertisements

CVE(s) Publication: libcsp

During last August I made a security audit to an interesting embedded library I have found in Github: libcsp:

Cubesat Space Protocol – A small network-layer delivery protocol designed for Cubesats

This blog post will describe my findings, CVE 2016-8596, CVE 2016-8597, CVE 2016-8598, will publicly disclose the vulnerabilities and will elaborate on the lessons that can be learned from them.

Continue reading “CVE(s) Publication: libcsp”