Sandbox Strings

Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout – something that is very unlikely to put you at any risk.

The strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and “optimize” the process by extracting text only from specific sections of the file.

So here  what i did is a small explanation of what i did with the crew at hackers.mu.

Every members were assign a different utility to work on and reinforce it. what we did was basically attached a system call filter to a process thus reducing the attack  surface of the kernel.

the vulnerability encountered is: CVE-2014-8485

here is how my sandbox looks like :

sandbox.png

 

 

 

Advertisements

One thought on “Sandbox Strings

  1. I see you don’t monetize your page, don’t waste your traffic, you can earn additional bucks every month because you’ve got hi quality content.
    If you want to know how to make extra bucks, search for: Boorfe’s tips best adsense alternative

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s