Difference between revisions of "Summerschool Aachen 2004/Hidden Things Lab"
(→Did I just 0wn a User Mode Linux?) |
|||
Line 37: | Line 37: | ||
-- [[Alexander Becher]] | -- [[Alexander Becher]] | ||
+ | |||
+ | |||
+ | === Breaking sebek === | ||
+ | |||
+ | I spend the first part of the lab making final adjustments to the slides | ||
+ | of the coffee table talk. after the coffee table talk i intended to | ||
+ | make some code to nop out most of the sebek stuff in kernel memory. | ||
+ | While I was looking at the sebek code I found 2 bugs in the code that | ||
+ | allows any user (that includes all non-root users) to circumvent the sebek | ||
+ | logging. These findings will be released shortly. | ||
+ | |||
+ | -- Ilja van Sprundel |
Revision as of 11:04, 30 September 2004
Hidden Data
Slides & examples are at http://md.hudora.de/presentations/summerschool/2004-09-29/
The coffee table talk
The slides of the coffee table talk are online, you can find them here.
-- Ilja van Sprundel
Looking for authors of documents in Cambridge
I have scanned the *.cam.ac.uk domain using Google and wget and retrieved around 1000 M$ Word documents. I then put together a Python script that makes a list of authors, documents, urls triplets. This indicates how prolific particular authors are (they have authored documents placed in many different URLs), and exposed quite a few little secrets.
-- user: George
Did I just 0wn a User Mode Linux?
I spent the lab session playing around with User Mode Linux (UML) and evaluating whether it was easy to identify UML from the "inside". It is... it seems like the developers do not intend to hide the "true" identity of a User Mode Linux at all.
After that I discussed some "breakout scenarios" with Thorsten.
I'll post some more on all that tomorrow...
-- Lutz Böhne
Simulating Web Activity
I've spent the time in the lab writing a Perl script for simulating users browsing the web. It uses the immensely useful WWW::Mechanize::Sleepy module from CPAN. I have uploaded the script to Discovery.
At first I wanted to simulate SSH activity, but I decided that I didn't know enough about the SSH protocol and that it would take too much time to understand and modify the SSH source code.
Breaking sebek
I spent the first part of the lab making final adjustments to the slides of the coffee table talk. After the coffee table talk I intended to make some code to nop out most of the sebek stuff in kernel memory. While I was looking at the sebek code I found 2 bugs in the code that allow any user (that includes all non-root users) to circumvent the sebek logging. These findings will be released shortly.
-- Ilja van Sprundel