In this post, I will play with some classic heap exploitation tricks in Linux glibc, in order to better understand how the glibc heap allocator manages memory. Note that this is the user-space heap behind malloc/free, not the Linux kernel's own allocators.
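To make the allocator's bookkeeping concrete, here is an added example (not code from the post) that reads the metadata glibc stores next to each allocation and checks the order in which freed chunks come back. It assumes 64-bit glibc (8-byte size field, 16-byte alignment, 32-byte minimum chunk); the request sizes and the `chunk_size_for`/`freed_chunk_is_reused` helpers are mine.

```c
/* glibc_chunk_peek.c: look at the metadata glibc's malloc keeps next to each
 * allocation and at the order freed chunks come back. Added example, not code
 * from the post; assumes 64-bit glibc (SIZE_SZ 8, 16-byte alignment). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREV_INUSE     0x1   /* the low three bits of the size field are flags */
#define IS_MMAPPED     0x2
#define NON_MAIN_ARENA 0x4
#define SIZE_FLAGS     (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* The size field sits in the 8 bytes just before the pointer malloc returned.
 * The volatile copy stops the optimizer reasoning about the out-of-bounds read. */
static size_t chunk_size_field(void *user)
{
    void *volatile p = user;
    return ((size_t *)p)[-1];
}

/* Chunk size (flags masked off) that glibc reserves for malloc(n):
 * n + 8 bytes of header, rounded up to 16, with a 32-byte minimum. */
static size_t chunk_size_for(size_t n)
{
    void *p = malloc(n);
    if (!p) return 0;
    size_t sz = chunk_size_field(p) & ~(size_t)SIZE_FLAGS;
    free(p);
    return sz;
}

/* Free a chunk and ask for the same size again. tcache (and the fastbins
 * before it) are LIFO, so the just-freed chunk comes straight back, which is
 * what makes use-after-free and double-free tricks predictable.
 * Returns 1 if the same address was handed out again. */
static int freed_chunk_is_reused(size_t n)
{
    char *a = malloc(n);
    if (!a) return 0;
    memset(a, 'A', n);
    uintptr_t volatile old = (uintptr_t)a;  /* keep the value, not the dead object */
    free(a);
    char *b = malloc(n);
    int same = b && (uintptr_t)b == old;
    free(b);
    return same;
}

int main(void)
{
    size_t reqs[] = { 0, 8, 24, 25, 56, 1000, 200000 };  /* constructed sample requests */
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        void *p = malloc(reqs[i]);
        size_t raw = chunk_size_field(p);
        printf("malloc(%6zu): chunk size %7zu  flags: %s%s%s\n", reqs[i],
               raw & ~(size_t)SIZE_FLAGS,
               raw & PREV_INUSE ? "PREV_INUSE " : "",
               raw & IS_MMAPPED ? "IS_MMAPPED " : "",
               raw & NON_MAIN_ARENA ? "NON_MAIN_ARENA" : "");
        free(p);
    }
    printf("freed 24-byte chunk handed back first: %s\n",
           freed_chunk_is_reused(24) ? "yes" : "no");
    return 0;
}
```

The large request in the sample list crosses the default mmap threshold, so its size field carries IS_MMAPPED and is page-rounded; the small ones show the 16-byte rounding that decides which tcache/fastbin a freed chunk lands in.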
In this post I study how the system handles dynamically linked (external) functions. I will first illustrate how the dynamic linker finds the address of an imported function for a given ELF binary, and then walk through a pretty simple CTF example to show how we can hijack the related data structure (the GOT) to achieve our goal.
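As an added example (not code from the post or from the CTF it discusses), the program below locates the GOT slot through which it calls `puts`, watches the dynamic linker fill it in, and then overwrites it with its own function so the next `puts` call lands elsewhere. It assumes Linux on an ELF64 RELA target (x86_64 or aarch64), a dynamically linked build, and the `_DYNAMIC` symbol plus `AT_PHDR`/`AT_PHNUM` auxiliary-vector entries that the linker and kernel provide; the helper names are mine.

```c
/* got_hijack_demo.c: find the GOT slot(s) this executable calls puts() through,
 * watch the dynamic linker fill them in, then overwrite them. Added example, not
 * code from the post; assumes Linux, an ELF64 RELA target, dynamic linking. */
#include <elf.h>
#include <link.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/mman.h>
#include <unistd.h>

extern ElfW(Dyn) _DYNAMIC[];  /* linker-provided: this executable's .dynamic */

/* Load bias of the main executable: runtime address of .dynamic minus the
 * link-time vaddr in the PT_DYNAMIC program header (0 for a non-PIE binary). */
static uintptr_t load_bias(void)
{
    const ElfW(Phdr) *ph = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    size_t n = (size_t)getauxval(AT_PHNUM);
    for (size_t i = 0; i < n; i++)
        if (ph[i].p_type == PT_DYNAMIC)
            return (uintptr_t)_DYNAMIC - ph[i].p_vaddr;
    return 0;
}

/* glibc's ld.so relocates d_ptr entries in place, musl leaves them link-time
 * relative: add the bias only when a value is clearly unrelocated. */
static uintptr_t dyn_ptr(uintptr_t p, uintptr_t bias) { return p < bias ? p + bias : p; }

/* Collect every GOT slot of this executable relocated against symbol `name`:
 * lazy PLT slots (DT_JMPREL, JUMP_SLOT) and the GLOB_DAT slots a -fno-plt
 * build calls through (DT_RELA). Returns how many addresses went into out[]. */
static int find_got_slots(const char *name, void ***out, int max)
{
    uintptr_t bias = load_bias();
    const ElfW(Sym) *symtab = NULL;
    const char *strtab = NULL;
    const ElfW(Rela) *tab[2] = { NULL, NULL };  /* [0] DT_JMPREL, [1] DT_RELA */
    size_t tabsz[2] = { 0, 0 };
    for (const ElfW(Dyn) *d = _DYNAMIC; d->d_tag != DT_NULL; d++) {
        uintptr_t p = dyn_ptr((uintptr_t)d->d_un.d_ptr, bias);  /* pointer-valued tags */
        switch (d->d_tag) {
        case DT_SYMTAB:   symtab = (const ElfW(Sym) *)p;    break;
        case DT_STRTAB:   strtab = (const char *)p;         break;
        case DT_JMPREL:   tab[0] = (const ElfW(Rela) *)p;   break;
        case DT_PLTRELSZ: tabsz[0] = (size_t)d->d_un.d_val; break;
        case DT_RELA:     tab[1] = (const ElfW(Rela) *)p;   break;
        case DT_RELASZ:   tabsz[1] = (size_t)d->d_un.d_val; break;
        }
    }
    if (!symtab || !strtab) return 0;
    int found = 0;
    for (int t = 0; t < 2 && found < max; t++) {
        size_t count = tab[t] ? tabsz[t] / sizeof(ElfW(Rela)) : 0;
        for (size_t i = 0; i < count && found < max; i++) {
            size_t si = ELF64_R_SYM(tab[t][i].r_info);  /* 0 means RELATIVE, no symbol */
            if (si && strcmp(strtab + symtab[si].st_name, name) == 0)
                out[found++] = (void **)(bias + tab[t][i].r_offset);
        }
    }
    return found;
}

static volatile int fake_hits;  /* volatile: updated behind the compiler's back */

/* Where the hijacked slot will send calls; same signature as puts(). */
static int fake_puts(const char *s) { fake_hits++; return (int)strlen(s); }

/* Make the page holding a slot writable. Only needed so the demo also works
 * under full RELRO, where the GOT is read-only after loading; on a real target
 * the RELRO level (what checksec reports) decides whether a GOT overwrite is
 * possible at all. */
static int make_writable(void *addr)
{
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE);
    return mprotect((void *)((uintptr_t)addr & ~(pg - 1)), pg, PROT_READ | PROT_WRITE);
}

/* Resolve puts with a normal call, overwrite its GOT slot(s) with fake_puts,
 * call puts twice more, then restore. Returns how many calls landed in
 * fake_puts (2 when the hijack worked) or a negative code on failure. */
static int got_hijack_demo(void)
{
    void **slots[4], *saved[4];
    int n = find_got_slots("puts", slots, 4);
    if (n == 0) return -1;
    puts("calling puts normally (this triggers lazy binding, if enabled)");
    printf("GOT slot %p now holds %p, the resolved puts\n", (void *)slots[0], *slots[0]);
    for (int i = 0; i < n; i++) saved[i] = *slots[i];  /* save all before touching any */
    for (int i = 0; i < n; i++) {
        if (make_writable(slots[i]) != 0) return -2;
        *slots[i] = (void *)(uintptr_t)fake_puts;  /* the hijack: one pointer write */
    }
    fake_hits = 0;
    puts("this call is hijacked");  /* still compiled as a call through the GOT */
    puts("and so is this one");
    int hits = fake_hits;
    for (int i = 0; i < n; i++) *slots[i] = saved[i];  /* put the real puts back */
    printf("calls redirected to fake_puts: %d\n", hits);
    return hits;
}

int main(void) { return got_hijack_demo() == 2 ? 0 : 1; }
```

The write itself is a single pointer store; everything else is the same walk the dynamic linker does (PT_DYNAMIC, DT_SYMTAB/DT_STRTAB, the relocation tables) to find which slot belongs to which symbol. In a CTF the same walk is done offline with readelf or pwntools' ELF class, and the `mprotect` step is exactly what full RELRO denies an attacker.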
This paper is in fact a literature review of recent fuzzing papers. I will first introduce the basic ideas of fuzzing. Second, I will review state-of-the-art fuzzing research. Finally, I will summarize several key questions researchers face when building a fuzzing framework, and analyze related papers to discuss how their methodologies answer these research questions. (I will continuously update this write-up as I read more papers about fuzzing.)
This post describes a serious vulnerability in the latest version of the Floodlight SDN controller (v1.2).
With this vulnerability, an adversary who controls a single OpenFlow switch can escalate that switch's privilege to compromise the whole network. For example, starting from nothing more than the switch's own privileges, the adversary can remotely disconnect the entire network or monitor any traffic.