{"id":1518,"date":"2019-01-19T16:13:22","date_gmt":"2019-01-19T16:13:22","guid":{"rendered":"http:\/\/control-h.org\/wordpress\/?p=1518"},"modified":"2019-01-19T16:13:22","modified_gmt":"2019-01-19T16:13:22","slug":"one-3","status":"publish","type":"post","link":"https:\/\/control-h.org\/index.php\/2019\/01\/19\/one-3\/","title":{"rendered":"One"},"content":{"rendered":"\n<p>Watched <a rel=\"noreferrer noopener\" aria-label=\"this (opens in a new tab)\" href=\"https:\/\/www.shmoocon.org\/speakers\/#fuzzy\" target=\"_blank\">this<\/a>, and ended up being the only one to ask a question.<\/p>\n\n\n\n<p>(HTF does the non-coder guy with the scarred brain end up being the only one who asks a question&#8230;?)<\/p>\n\n\n\n<p>I understand what he was doing, but I&#8217;m not understanding how you could gather any real useful information from the tool unless you have access to the running binary&#8217;s source.<\/p>\n\n\n\n<p>The bit he&#8217;s using relies on use of the fork() function.<\/p>\n\n\n\n<p>Maybe that&#8217;s still widely in use.  Perhaps it&#8217;s one of the lazy programming techniques facilitated by fast machines and virtualization.  I don&#8217;t know.  I haven&#8217;t written a line of code in probably a decade.<\/p>\n\n\n\n<p>But even for sloppily-written kludges, you can really restrict what binaries can do, with things like setting maximums on processes that can be forked.  Hell, one of the old ways to crash a system was a fork bomb;  any admin worth a shit would easily be able to prevent that from working these days.<\/p>\n\n\n\n<p>From the coding side, look at <a rel=\"noreferrer noopener\" aria-label=\"this (opens in a new tab)\" href=\"http:\/\/man7.org\/linux\/man-pages\/man3\/pthread_create.3.html\" target=\"_blank\">this<\/a>.<\/p>\n\n\n\n<p>The thing to do if running a problematic program, though, is be really stingy with things that could be exploited.  This relies on child processes;  prevent them by tracking the number of processes created with a clean binary.<\/p>\n\n\n\n<p>Add to that things like cryptographic hashes on the binaries, and it&#8217;s irrelevant.<\/p>\n\n\n\n<p>Now this stuff might be useful if you can test binaries in a lab prior to deployment, but I don&#8217;t think that&#8217;s what the speaker was really getting at.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Watched this, and ended up being the only one to ask a question. (HTF does the non-coder guy with the scarred brain end up being the only one who asks a question&#8230;?) I understand what he was doing, but I&#8217;m not understanding how you could gather any real useful information from the tool unless you [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[32],"class_list":["post-1518","post","type-post","status-publish","format-standard","hentry","category-shmoocon","tag-shoocon"],"_links":{"self":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/1518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/comments?post=1518"}],"version-history":[{"count":0,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/1518\/revisions"}],"wp:attachment":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/media?parent=1518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/categories?post=1518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/tags?post=1518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}