IoT devices and web applications often provide services by utilizing its underlying OS commands instead of implementing the whole service from scratch. For example, the majority of modern Wi-Fi routers provide network ping service for users to check if their network setup is correct; and its implementation is built on top of existing Linux `ping` command instead of re-implementing the entire ICMP protocol. Re-using OS commands has the benefit of providing fast/accurate service development with minimal engineering effort. However, improper data sanitization exposes such service to OS command injection which is a serious yet easy-to-overlook security flaw. Exploiting OS command injection is way too easy compared to other system exploitation techniques; however, its security impact is high. In this tutorial, I will demonstrate advanced OS command injection techniques against common bash shells and explain how we can bypass various filters/restrictions. Also I will provide a docker-based platform as a small series of CTF/Wargame challenges to practice such exploitation techniques as a lab exercise.
Ensuring confidentiality and integrity of sensitive workloads is becoming increasingly more difficult with today's computing systems. Modern software is growing more and more complex and inevitably contains bugs. The presence of vulnerabilities in user programs and even operating system kernels render the protection of secrets a daunting challenge. Trusted Execution Environments (TEEs) ensures confidentiality and integrity of sensitive program code and data by constructing a safe and isolated execution compartment within the system by leveraging hardware support for isolation in modern architectures.
Intel has introduced Software Guard eXtension (SGX) in its processor architecture to provide secure enclaves for protecting program secrets. This tutorial will discuss the security model, design patterns, and applications of SGX. Then, we will write a simple SGX-protected program together to provide a hands-on experience with trusted execution environments.