From 872ea955f03bf3a8b5d823063416a0e598d278d2 Mon Sep 17 00:00:00 2001 From: Tommy Date: Sun, 14 Aug 2022 20:01:33 -0400 Subject: [PATCH] Fix bad URL Signed-off-by: Tommy --- content/knowledge/FLOSS Security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/knowledge/FLOSS Security.md b/content/knowledge/FLOSS Security.md index 1155b38..b27311e 100644 --- a/content/knowledge/FLOSS Security.md +++ b/content/knowledge/FLOSS Security.md @@ -102,7 +102,7 @@ Decompilers are seldom used alone in this context. Instead, they're typically a These reverse-engineering techniques---a combination of tracing, packet sniffing, binary analysis, and memory dumps---make up the workings of most modern malware analysis. See [this example](https://www.hybrid-analysis.com/sample/1ef3b7e9ba5f486afe53fcbd71f69c3f9a01813f35732222f64c0981a0906429/5e428f69c88e9e64c33afe64) of a fully-automated analysis of the Zoom Windows installer. It enumerates plenty of information about Zoom without access to its source code: reading unique machine information, anti-VM and anti-reverse-engineering tricks, reading config files, various types of network access, scanning mounted volumes, and more. -To try this out yourself, use a sandbox designed for dynamic analysis. [Cuckoo](https://cuckoosandbox.org/) is a common and easy-to-use solution, while [DRAKVUF](https://drakvuf.com/) is more advanced. +To try this out yourself, use a sandbox designed for dynamic analysis. [Cuckoo](https://github.com/cuckoosandbox) is a common and easy-to-use solution, while [DRAKVUF](https://drakvuf.com/) is more advanced. ### Extreme example: the truth about Intel ME and AMT @@ -221,4 +221,4 @@ Releasing source code is just one thing vendors can do to improve audits; other [^13]: Linux distributions' CFI+ASLR implementations rely executables compiled with CFI+PIE support, and ideally with stack-smashing protectors and no-execute bits. These implementations are flawed (see [On the Effectiveness of Full-ASLR on 64-bit Linux](https://web.archive.org/web/20211021222659/http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf) and [Brad Spengler's presentation comparing these with PaX's own implementation](https://grsecurity.net/PaX-presentation.pdf)). -[^14]: The [best attempt I know of](https://signal.org/blog/private-contact-discovery/) leverages [Trusted Execution Environments](https://en.wikipedia.org/wiki/Trusted_execution_environment), but for limited functionality using an implementation that's [far from bulletproof](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Attacks). \ No newline at end of file +[^14]: The [best attempt I know of](https://signal.org/blog/private-contact-discovery/) leverages [Trusted Execution Environments](https://en.wikipedia.org/wiki/Trusted_execution_environment), but for limited functionality using an implementation that's [far from bulletproof](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Attacks).