Posts

What Value Is Stored In Uninitialized Variables?

Image
The value in an uninitialized variable is one of: zero, a compiler dependent value (such as 0xCC's in visual studio), or data previously stored in that memory location (old data).
Types of Uninitialized Variables And Their Values Classic C/C++ Uninitialized Stack Variables The classic type of uninitialized variables are local function variables written in a low level language (such as C/C++). You would think when these variables are left uninitalized they would simply save the last value they were give. However, there is a catch: when code is compiled in debug mode, the compiler may inject its own code that initializes empty variables to a default value.
This is done to protect against vulnerabilities (more on this later), and to more easily detect bugs by giving the variable a bogus value that can be easily identified as uninitialized if it is for example printed to the screen.

Below, a  program compiled with Visual Studio in debug mode prints an uninitialized variable. Code c…

Vulnerability Research Dictionary

Image
Refer to this page any time there's a vulnerability related term you want to better understand.
ASLR Address Space Layout Randomization. An exploit mitigation that randomizes the loading address of modules in memory to harden the system against exploits that depend on known memory addresses.
In Linux, the address of the heap, stack and external libraries is randomized.
In Windows the address of the code, heap, and stack is randomized. External libraries (DLLs) are randomized once when loaded, but their address is the same between separate processes.

Authentication Bypass A vulnerability that permits unauthorized users to bypass authentication and reach a protected resource or interface that would otherwise require authentication. Occasionally used as part of an exploit chain.

Brute-Force A methodology used to solve for an unknown value by exhausting all the possible options. Most commonly used as a password guessing technique, but can also be used to break ALSR by guessing the ra…

What Is A Software Vulnerability?

Image
tl;dr In the broadest sense, a software vulnerability is a flaw that allows the vulnerable system to perform unplanned actions. Examples of the results of these unplanned actions include, sensitive information disclosure (example), denial of service (DOS) (example), authentication bypass (example), and most dangerously, full takeover of a system (aka RCE) (example) by a malicious attacker.
Formal Definitions According to ENISA (European Union Agency for Network and Information Security) a vulnerability is, "The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event" (reference).

According to  NICCS (National Initiative for Cybersecurity Careers & Studies) a vulnerability is, "Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur" (reference).

The definition I use defines a vulnerab…