Pinned
Wrote a post about those cases when shared_ptr<T> doesn't use atomic operations for the reference count. Spoiler: it's only in GNU and I couldn't decide if it's secure or not.
snf.github.io/2019/02/13/sha…
Sebastian Fernandez
781 posts
Sebastian Fernandez
@snfernandez
Joined July 2009
- This is an incredibly creative project. Here a thread to explain how it works for the unintroduced to weird machines. QEMU translates binaries to an intermediate representation called tiny code. Then it has 2 ways of executing it. (1/7)This Post is from an account that no longer exists. Learn more
- While everyone is distracted trying Ghidra, Microsoft released DTrace for Windows!!!
- Our frontrunner just caught this exploit contract in the wild and managed to rescue $54k. It recreated the whole exploit chain in 4 seconds. Funds are SAFU
Our bot just intercepted a price manipulation exploit and saved 54k from being stolen (arbiscan.io/address/0x6c7b…) We’re actively investigating. More details coming soon! o/ - Just uploaded the slides from my @ekoparty talk: The Quest To Memory Safety: Programming Languages github.com/microsoft/MSRC…
- Wrote a post about moving forward with security practices with Rust in 2019 /cc @rustlang snf.github.io/2019/01/10/rus…
- New blog post after some time! How to Protect an Exploit: Detecting PageHeap snf.github.io/2017/05/04/exp…
- Here are our #RustFest keynote slides that we used with @ryan_levick this morning. Super excited to continue attending the conference the rest of the weekend! github.com/microsoft/MSRC…
- Replying to @snfernandezHere, Kate, made a script which generates a set of pre-compiled snippets of code (gadgets) with different semantics. This code will be compiled when the iOS app is built and will map to executable memory. Bypassing the need to create it at runtime. github.com/ktemkin/qemu/b… (5/7)
- LLVM just added support for Intel's Shadow Stack in trunk. reviews.llvm.org/rL318996
- Replying to @snfernandezWhile this has been used forever to create exploits. It's a very creative way of makng a JIT for architectures that don' allow allocating executable memory. The code can be seen in this commit: github.com/ktemkin/qemu/c… (7/7)
- Replying to @snfernandezThen what's left is creating a JIT, that instead of compiling tiny code to native, it forges a memory segment that contains values that can be used by those gadgets before jumping to the next one. This allows to create whole programs reusing existeng code (weird machines!). (6/7)
- The first post in the safer programming languages series! Stay tuned for the next ones where we go into the details and specifically talk about RustWhat if you could eliminate a common class of vulnerabilities by changing the language you used? MSRC is publishing a series on why Microsoft is looking at @rustlang for memory-safe development and why we think you should too. See the first post here: msrc-blog.microsoft.com/2019/07/16/a-p…
- Replying to @snfernandezFirst one is emulating this code and the second one is compiling it to native code (JIT: Just In Time compiler) which is usually faster. However, JITs need to allocate executable memory to put that compiled code in. iOS doesn't allow it. (2/7)
