This has been a weird one, finding version information on the operating systems.
On Ubuntu, the following gets the version information
  cat /etc/issue
  cat /etc/lsb-release

On Linux, finding the kernel version
  uname -a
  cat /proc/version

On Windows, from Start-> Run -> cmd.exe
  winver
OR
  systeminfo

This is very simple but still there are a few times when memory fails and we’re not able to do the obvious.

To see the information about the hardware mapping :
  lshal

Finding your CPU Information
  cat /proc/cpuinfo

Finding memory information
  cat /proc/meminfo

Maximum number of SYN requests that the host will remember which did not receive an ACK from clients:
  cat /proc/sys/net/ipv4/tcp_max_syn_backlog

Finding data bus-size or bit-size i.e., whether my CPU is 32-bit or 64-bit:
  sudo lshw -C cpu | grep width

The world of Artificial Intelligence (AI) seems to be exploding with the release of ChatGPT. But as soon as the the chat bot came into the hands of public people started finding self-sabotaging queries at worst (exploitable issues) and some weird interactions whereby people could write malware that could stay undetected by Endpoint Detection and Response (EDR) bypasses.

What is AI?

Very simply, Artificial Intelligence (per Wikipedia) is intelligence demonstrated by machines. But technically, it is a set of algorithms that can make do things that a human does by making an inference, similar to humans, on the basis of data that was historically provided as “reference” to make the decisions. This reference data is called as training data. And the data which is used to test the effectiveness of the algorithm to arrive at a decision on the basis of that reference, is called as test data. Any good machine learning course teaches how do you design data and how much data to use for training and how much to use for testing and metrics of performance but that is not relevant to our discussion here – however, what’s important is that it is the data that you provide that controls the decision-making in an artificially intelligent algorithm. This is a key difference between typical algorithms (where the code is more or less static and makes decisions on certain states in the program) whereas in an artificially intelligent system you can have the program arrive at different decisions depending on how one decides to “train” the algorithms.

What is ML?

Machine Learning (ML) is a subset of Artificial Intelligence (AI) where the artificial intelligent algorithms evolve their decision-making on the basis of data that has been processed and tagged as training data. ML systems have been used in classifying spam or anomaly detection in computer security. These systems tend to use statistical inference to establish a baseline and highlight situations where the input data does not fall within the norm. When operational data is being used to train ML-based system one has to be careful that we are not incrementally altering the baselines of what’s normal and what’s not. Such “tilting” may happen over time and its important to protect against drift of such systems. Some “drift” is ok but “bad drift” is not – which is hard to predict. E.g., let’s say you classify some data inaccurately and accidentally/maliciously end up using it for training your ML-models but if it inherently alters the behavior of the ML model, then the model becomes unreliable.

What is Adversarial AI?

Adversarial Artificial Intelligence (AI) based threats are ones where malicious actors design the inputs to make models predict erroneously. There are a couple of different types of attack here – poisoning attack (where you train models with bad data controlled by adversaries) or an evasion attack (where you make the artificial intelligence system make a bad inference with a security implication). The way to understand these attacks is that the poisoning attack is basically “Garbage-in-garbage-out” but its this really “special” garbage. This is garbage that changes the behavior of the algorithm in a way that the algorithms returns an incorrect result when it has to make a decision. The inferential attacks are different in that the decision made is wrong because the input is such that it appears differently to the ML algorithm than it does to humans. E.g., Gaussian noise being classified as a human or a fingerprint being matched incorrectly.

Can we attack these systems in other ways?

In a paper presented by Google researchers created a tool (TensorFuzz) that they were able to demonstrate finding a few varieties of bugs in Deep Neural Networks (DNNs). So typical software attack techniques do work against the deep neural networks too. Fuzzing has been used for decades and has caused faults in code forever. At its core, fuzzing is simple, send garbage input that causes a failure in the program. It’s just that the failures in DNN are different and you want to ensure the software relying on the DNN to make a decision handles such failures appropriately and do not cause a security failure with secure defaults.

Protection mechanisms

There are a few simple ways to look at ML systems and security thereof. Microsoft released an excellent howto on how to threat model ML systems. Additionally, using adversarial training data is imperative to ensure that artificially intelligent algorithms performs as you expect them to in the presence of adversarial data. When you rely on ML-based systems, its all the more important that you test it appropriately and continue to do so against baselines. Unfortunately, for Deep Neural Networks transparency of decision making continues to be an issue and needs the AI/ML researchers to establish appropriate transparency measures.

I decided to play around with Spike fuzzer and encountered some weird errors during installation. I was using gcc 4.1.2.

gcc -ggdb -o generic_listen_tcp generic_listen_tcp.o dlrpc.o 
dlargs.o spike.o listener.o hdebug.o tcpstuff.o 
spike_dcerpc.o base64.o udpstuff.o spike_oncrpc.o -ldl -L. -ldlrpc
/usr/bin/ld: generic_listen_tcp: hidden symbol `__stack_chk_fail_local' in
/usr/lib/libc_nonshared.a(stack_chk_fail_local.oS) is referenced by DSO
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: ld returned 1 exit status
make: *** [generic_listen_tcp] Error 1

If you are also getting the same error, I would recommend that you do the following

SPIKE/SPIKE/src$ ./configure

Now open the Makefile in your favorite editor and edit the CFLAGS line to include the following option:

-fno-stack-protector

This is how my CFLAGS line looks like in the Makefile:

CFLAGS = -Wall -funsigned-char -c -fPIC -ggdb -fno-stack-protector

This should make it build fine (I do get a few warnings but that’s cool…it still does not result in a no-build.

VMWare is excellent for malware analysts because it lets you keep snapshots of pristine Virtual machine states and you can revert back to them when you want to.
I encountered a weired error this time around on my Windows XP Pro VM. Whenever I would try to take any snapshots I would get an error: “Error taking snapshot: Windows XP Professional.VMX-Snapshot1.vmsn file already exists”. When I looked into the folder there was no .vmsn file with that name. I deleted all the files .lck and .lock files and still to no avail. Then I saw the files named as
Windows XP Professional-000001-s00?.VMDK.
The regex for these files was:
Windows XP Professional-00000?-s00?.VMDK
where ? is one character replaced by 0-9. Upon deleting these files, my snapshots started working properly.

I have been trying for the last few weeks to get the Android Kernel source and then build a kernel of my own and then load it into the emulator to try to test out the modules. I spent numerous hours in trying to understand about how to go about it. So here’s a post so I can log all that I did in an effort from going from nothing to having my kernel loaded in the Android Emulator.

There are posts such as the one on eeknay32’s blog and the Stackoverflow post that really helped me in getting started. Also there is a HOWTO in the qemu documentation located at external/qemu/docs/KERNEL.TXT

I first started to follow the directions from here but this is only to get the source code of the Android SDK and other tools and to compile those. That was not initially my goal because getting the source of the tools and SDK was not my goal. Don’t bother downloading this (you could get the tools pre-compiled) unless you really want to compile the tools on your own.

The following steps will help you compile the code for the Android emulator and other tools:
sudo apt-get install git-core gnupg flex bison gperf build-essential \
zip curl zlib1g-dev libc6-dev lib32ncurses5-dev ia32-libs \
x11proto-core-dev libx11-dev lib32readline5-dev lib32z-dev \
libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown \
libxml2-utils xsltproc
mkdir ~/bin
export PATH=~/bin:$PATH
curl https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
chmod a+x ~/bin/repo
cd src
repo init -u https://android.googlesource.com/platform/manifest -b android-2.3_r1
repo sync
. build/envsetup.sh
lunch full-eng


Now going to our main goal.

Get the Android source
git clone https://android.googlesource.com/kernel/goldfish.git goldfish
cd goldfish
Put the cross compilation toolchain into your path and also put the tools (emulator, android tools etc) in your path:
export PATH=$PATH:~/bin:~/bin/src/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin:/root/bin/src/out/host/linux-x86/bin
make ARCH=arm goldfish_defconfig
make ARCH=arm SUBARCH=arm CROSS_COMPILE=arm-eabi- -j4
This is a good resource on different errors you could encounter. If you get a message “zImage is ready” you are good to load this image into the emulator to have a running emulator.
Before you run the android tool you need to first set an environment variable otherwise the tool will complain that ANDROID_SWT is not set.
export ANDROID_SWT=/root/bin/src/prebuilt/linux-x86_64/swt

Now you have to download some of the SDK Framework from the Google website so that you can create your own Android Virtual Device (AVD). Without downloading the SDK platform you will get no output when you issue the following command:
android list targets
After you get the right ANDROID platform you can issue the following commands:
android create avd -n my_android1.5 -t 1
emulator -kernel ~/bin/kern/kernel-common/goldfish/arch/arm/boot/zImage -show-kernel -verbose @my_android1.5
Now you should have a running emulator with your shiny new kernel.
Now if you want to compile your own kernel module and load it into the emulator at runtime then you need to use Android Debug Bridge (ADB) tool. See this post, where the author creates a kernel module. For me I had to modify the Makefile a little as shown below:
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 29
EXTRAVERSION = -00054-g5f01537
obj-m += hello.o
KDIR=/root/bin/kern/kernel-common/goldfish
PWD := $(shell pwd)
all:
make -C $(KDIR) ARCH=arm CROSS_COMPILE=/root/bin/src1/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi- SUBDIRS=$(PWD) modules

clean:
make -C $(KDIR) ARCH=arm CROSS_COMPILE=/root/bin/src1/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi- SUBDIRS=$(PWD) clean

Issue the make command from the directory where you have your makefile and the sources to get hello.ko.
See the partition not mounted as read only by searching for “rw” mount mode by issuing the following command:
/root/bin/src/out/host/linux-x86/bin/adb shell mount
/root/bin/src/out/host/linux-x86/bin/adb push hello.ko /data
/root/bin/src/out/host/linux-x86/bin/adb insmod /data/hello.ko

I finally got the Certified Expert Penetration Tester (CEPT) with a good score on the practical. There were two parts to the certification : an objective multiple choice written test and a practical. To qualify one needs 70% on the written and 70% on the practical portion of the test.
The written test was not too challenging if you follow the material taught at the InfoSec Institute’s Advanced Ethical Hacking course, however, the practical made up on the lack of challenge. The practical involved writing an unpublished stack overflow exploit for a real-world commercial software of IACRB’s choosing, a format string exploit for a custom application and writing a patch for windows binary to subvert registration mechanism on the binary. One could write the exploit in the form of a python script (that I chose), a shell script , a perl script or a binary written in a language of our choosing. The solution could be quite flexible when it came to the choice of language for writing the exploits.
Personally speaking, this was a great learning experience for me and I plan to continue learning in the interesting field of vulnerability development!

I’ve often tried to use MS Word tables and do computations with the values in the tables. Example:

Suppose, the following conditions hold true:
c1 = a1xb1
c2 = a2xb2
a3 = a1 + a2
b3 = b1 + b2
c3 = c2 + c2

Click on the c1 cell, click on the “Layout” button, click on “Formula” button, in the Formula field, enter the following:
=PRODUCT(a1:b1)
Similarly, for c2 use =PRODUCT(a2:b2).
For a3,b3,c3 use =SUM(ABOVE)