Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout – something that is very unlikely to put you at any risk.
The strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and “optimize” the process by extracting text only from specific sections of the file.
So here what i did is a small explanation of what i did with the crew at hackers.mu.
Every members were assign a different utility to work on and reinforce it. what we did was basically attached a system call filter to a process thus reducing the attack surface of the kernel.
the vulnerability encountered is: CVE-2014-8485
here is how my sandbox looks like :