Skip to content

Instantly share code, notes, and snippets.

@quend
quend / compile_to_bitcode.sh
Last active Sep 22, 2016
Script to compile the OpenSSL project to LLVM Bitcode on a Linux system.
View compile_to_bitcode.sh
#!/bin/bash
#!/usr/bin/env bash
# Run this script in the main directory of openssl.
# Requires python3
set -e
# download necessary parsing script
wget https://gist.githubusercontent.com/quend/e44520133e2cd8a6da98ce1c2a02a7b1/raw/8c93794dc2dc6cdd84255eb2de8416b59cf53a9b/comp_db_generate.py
View comp_db_generate.py
#!/usr/bin/env python3
'''
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Generate a shell script to replicate build steps from a compile database
produced by the Bear tool, but create bitcode files instead of object files.
usage:
./comp_db_generate.py -o build.sh -l [llvm root] compile_database.json \
View standalone_aesni_cbc_hmac_sha1_cipher.c
// clang -L/usr/local/opt/openssl/lib -I/usr/local/opt/openssl/include -lssl -lcrypto -O0 -g aesni_cbc_hmac_sha1_cipher.c && ./a.out
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
View MAST Summary
A mobile application security toolkit to provide binary obfuscation,
both static and dynamic at the compiler level for iOS and OSX applications.
The features target to defend against hackers, reverse engineers, software pirates, and competitors.
This LLVM based toolkit relies on advances is the use of cryptography,
code obfuscation, anti-debugging capabilities and novel iOS jailbreak detection.
It was developed as a part of DARPA’s Cyber Fast Track.
View AEG background material
Existing AE work focused on Restricted Models:
Sean Heelan’s “Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities”
David Brumley (@ Carnegie Mellon) et al. (AEG, MAYHEM, etc)
Most whitepapers on Cyber Grand Challenge! (CGC)
[Good Course Material]
https://www.cs.umd.edu/class/spring2013/cmsc631/lectures/symbolic-exec.pdf
https://www.utdallas.edu/~zxl111930/spring2012/public/lec4.pdf
http://web.mit.edu/16.399/www/lecture_01-intro/Cousot_MIT_2005_Course_01_4-1.pdf
http://homepage.cs.uiowa.edu/~tinelli/classes/seminar/Cousot.pdf
View Google Cyber Open Source Initiative
The Core Infrastructure Initiative (CII) and its members have come together to invest in core infrastructure,
providing funding for fundamental projects like OpenSSL, OpenSSH, NTPd and others.
These impact of these grants was felt immediately, with projects being able to add team members,
improve coding best practices, set up predictable release schedules and roadmaps and perform audits
to help future proof code. Under the guidance of the Advisory Board, CII is actively researching and
identifying new projects that need support and working with established projects to ensure best practices
are being followed to help create a culture of secure coding practices.
List of past projects:
GnuPG
View gist:8f4e81435a079d966d0d
Sharon Simmons
RPISEC
Department of Computer Science
Rensselaer Polytechnic Institute
Lally 209A
110 8th Street
Troy, NY 12180
View since 2:44pm?
10:33 loo : Hello
10:33 loo : xerphn: did you fix your issue?
10:33 loo : doom: 200 upvotes!
10:33 loo : Do people sleep now?
10:33 aweinstock : https://opensource.com/life/15/10/open-source-cobol-development
10:33 RyanWithZombies : doom: welcome to the frontier of human knowledge
10:33 RyanWithZombies : at ToB, that's our response to when people are googling something and the only thing that comes up is projects by other ToB members
10:33 *** : Playback Complete.
10:33 Mode: +nrt
10:33 Created at: Nov 13, 2014, 11:37 PM
View dump_prime.py
currentEa = 0x2214
i = 0
out = []
while i < 3476:
out.append(Word(currentEa))
currentEa += 2
i += 1
fd = open(r'prime_index_map.py', 'wb')
You can’t perform that action at this time.