research

At census we have a strong passion about applied security research. Results from our laboratories cleared for public disclosure are available here.

Secure programming in C

Our talk at the 4th Greek Free/Open Source Developer Conference on security issues that manifest during software development using the C programming language. Although there has been extensive coverage of this topic in the past, our talk provided an up-to-date analysis of programming bugs that potentially lead to security issues.

Resources

• Presentation (PDF, in Greek).

FreeBSD kernel stack overflows

A study that explores in detail the process of exploiting kernel stack overflows in the 7.x production release of the FreeBSD operating system. The main contribution of the study is the development of a kernel exploitation algorithm and the presentation of comprehensive i386 kernel shellcode.

Partial results from this study were presented at the University of Piraeus Software Libre Society, Event #16: Computer Security.

Resources

• FreeBSD kernel stack overflow exploit development.
• cve-2008-3531-kernelcode.s: Kernel shellcode for vulnerability CVE-2008-3531.
• cve-2008-3531.c: Exploit for vulnerability CVE-2008-3531.
• Presentation (PDF, in Greek).
• Debugging the FreeBSD kernel on VMware with remote gdb.