IxLabs » Blog Archive » Challenge winners !

IxLabs » Blog Archive » Challenge winners !
he heh, we've won !

liveplasma music, movies, search engine and discovery engine

liveplasma music, movies, search engine and discovery engine preety nice

http://www.gnovies.com/

IxLabs » Dwarfs, elfs and checkers

IxLabs » Dwarfs, elfs and checkers
other thing I wanted to look over but hadn't the time to do so

• Static code analysis
  
• Lint programming tool
  
• Splint (programming tool)
  
• http://en.wikipedia.org/wiki/Flawfinder
  
• Coverity
  
• Static Analysis with LDRA Testbed
  
• Scitools
  
• Swat4j
  
• SAMATE - Software Assurance Metrics And Tool Evaluation
  
• The ASTRÉE Static Analyzer
  
• Type Inference and Static Analysis for Object-Oriented Software
  
• Static Driver Verifier - Finding Driver Bugs at Compile-Time
  
• Specifying and Checking Properties of Software
  
• .Net static analyser
  
• Splint Publications Statically Detecting Likely Buffer Overflow Vulnerabilities, Improving Security Using Extensible Lightweight Static Analysis, Static Detection of Dynamic Memory Errors
  
• Flawfinder - a program that examines source code and reports possible security weaknesses (``flaws'') sorted by risk level
  
  
  
  

IxLabs » Dwarfs, elfs and checkers

IxLabs » Dwarfs, elfs and checkers

some sites we used:

• 
  readelf. We modified it's source code too to output and xml file based on the DWARF2 data in the elf file
  
  
  
• 
  Prefast. Useful hints on what kind of flaws we can determine
  
  
  
• 
  libelf. this is used to locate the dwarf .debug_* sections in the elf binary
  
  
  
  
• 
  dwarf2xml. These guys gave us the ideea to modify readelf to output xml data. They also have an interesting paper argumenting the bennefits and downsides of static checking and build some little applications (get a function call graph and cross-referencers).
  
  
  
• 
  libdwarf. Trust me, you don't really want to read dwarf2 information directly just through libelf. dwarf2 is designed to use very little space to represent it's knowledge so you'll have loooots of bits and bitfields and fuuun. NOT
  
  
  
  
• 
  elf & dwarf2 mini tutorial. Some basic info to get yourself started.
  
  
  
• 
  man pages for some of binutils' & binutils-dev's components used (expecially the <dis-asm.h> & <bfd.h> )
  
  
  
  
  
  

Practical Common Lisp

Practical Common Lisp:
that book is dead sexy —Xach on #lisp
or so they say

PLT Scheme

PLT Scheme

Windows IPC Fuzzing Tools | Information Security Partners, LLC

Windows IPC Fuzzing Tools | Information Security Partners, LLC:
"This is a collection of tools used to attack applications that use Windows Interprocess Communication mechanisms. This package includes tools to intercept and fuzz named pipes, as well as a shared memory section fuzzer."

Table of Contents

Table of Contents: "Microsoft® Windows® Internals, Fourth Edition: Microsoft Windows Server™ 2003,"

an online copy of the book

Windows Native API Demystified

Windows Native API Demystified
a list of some internal NT API functions

Windows keyed events, critical sections, and new Vista synchronization features
http://www.bluebytesoftware.com/blog/PermaLink,guid,db9f8f5b-8d1d-44b0-afbd-3eadde24b678.aspx