Dennis Al Baihaqi Walangadi
Top 10 List of Week 02
dnswd --- Jakarta


This list is written in no particular order. I love this week’s topic because it covers the most important aspect of building an OS! Here’s my Top 10 list of Week 02:

  1. The Zoo (Repo)
    The Zoo is a collection of almost every piece of malware (including RATs) that has caused significant real-world impact. Some of them had their source code leaked and then archived in The Zoo, with the intention of teaching people about malware analysis and how malware works, so we can prevent similar vectors from occurring in the future.

  2. Writing a Simple Buffer Overflow Exploit (Video)
    This video is a live demonstration of a buffer overflow exploit. OSC10 Ch. 16 mentions code injection with buffer overflows. I found this very interesting because BOFs (buffer overflows) are common in low-level languages such as C, which is the language we’re learning from the demo scripts this week.

  3. Introduction to PGP and how it works (Article)
    This site explains how PGP works, how it stores data, and how it achieves end-to-end privacy using asymmetric encryption. PGP was apparently invented by Philip Zimmermann. But what’s the difference between PGP and the GPG we used in the OS class, you might ask. Well, PGP was the original for secure messaging; its source code was then released to the public and later improved by GNU as GnuPG (GPG).

  4. Negative Rings and Protection Rings with Virtualization (Article)
    The article explains how hypervisors utilize protection rings to make the guest OS think it has ring 0 privilege on x86. This article also explains the meaning of negative rings (Ring -1, Ring -2, Ring -3), which are invisible to the OS itself. There’s also a CVE report about VMware’s Ring -1 vulnerability that can be used to escalate privilege back to Ring 0.

  5. The International Obfuscated C Code Contest
    The IOCCC is a programming contest to write the most obscure C code possible while maintaining code functionality. One of my favorite contestants is Yusuke Endoh with his famous ASCII Fluid Dynamics. His code is so obscure, yet it simulates fluid dynamics in ASCII very well. You can see his code here. You can see other contestants’ entries here.

  6. Common C Vulnerabilities and how to avoid them (Article)
    C is considered an unsafe programming language because it provides direct access to memory using pointers instead of virtual memory addressing. This results in lots of security concerns in the C language, as it doesn’t provide enough memory safety. Here’s a list of common C security holes and their mitigations.

  7. Hashing Algorithms and Security (Video)
    Hashes are used for verification and securing file transfers. But they can be broken by using hash collisions or by brute-forcing the hash using faster computers. This video explains hashing very well: how it can be utilized and how it can be broken.

  8. RSA Factoring Challenge (Article)
    RSA is an encryption algorithm that keeps files secure using a public and a private key. The thing is, RSA relies on two large prime numbers to encrypt data. The RSA Factoring Challenge is a public challenge to factor RSA keys into their two prime factors, with awards as big as US$50,000 and up, to ensure the encryption standard is still secure for the public.

  9. Onion Routing
    Onion Routing is an attempt to encrypt not only users’ data but also the network itself. The video explains how encryption is used in onion routing to achieve privacy and security through multiple layers of encryption, hence the name “Onion”. It is really cool!

  10. Cybersecurity: Crash Course Computer Science
    This video is basically a summary of OSC10 Ch. 16. It talks about security principles and attack vector examples. The video explains mitigations as well, such as sandboxing and virtualization. I really recommend that other OS211 students watch the video.

That’s all folks! See you on Week03~


© 2021-2021 --- dnswd --- File Revision: v1.5.