Introduction and release of seccomp-nurse, a new
sandboxing method based on SECCOMP. It is designed to run applications in a
kind of jail (enforced by the kernel). It does not use ptrace() at all and does
not suffer from common flaws of systrace-like projects.
ptrace is one of the least documented and most obscure syscalls
available on Linux. The SunOS man page even describes ptrace() as
"unique and arcane", and this is partly right.
This report presents the undocumented features of ptrace, why these
options are interesting and how to use them when injecting code
into processes.
Finally, we present multiple use-cases based on ptrace(), one of which
shows an evasion attack against the application-level firewall NuFW.

We present a blackbox audit of a Cisco VoIP network where we
targeted the end-point devices and the protocols involved (SCCP,
CDP, TCP/IP stack).
This report shows our methodology, the tools implemented for
the audit, the protocol reverse engineering, the binary analysis and,
finally, some abnormal behaviors encountered.

This talk presents the architecture of a Cisco VoIP network: its
architecture, the protocols involved and the different devices. At
that time, no documentation was available and the SCCP protocol
had to be reverse-engineered in order to implement a call
interception system, named ilty.
The last part of the report discusses the hardening measures
available and their limits.