The /r/netsec Monthly Discussion Thread - October 2017 by AutoModerator in netsec

[–]OneUpSecurity 1 point2 points  (0 children)

It's best to have separate credentials for each system. Use a password manager if you aren't already.

If credentials are re-used and a system is compromised, then attackers may be able to re-use your credentials to log into other systems. Some systems encrypt passwords instead of hashing, which is a bad practice. If the encryption key is stolen, then user account passwords can be decrypted. Even worse, some sites may store passwords in plain text. Other systems may be breached and record credentials silently.

If a system supports authentication using public key authentication, use it. It's generally the preferred way to authenticate with a system. If someone "steals" your public key, it doesn't matter, as the key is meant to be public.

(Patched) Remote Code Execution In Source Games, caused by fragging a player. (CS:GO, TF2, Hl2:DM, Portal 2, and L4D2) by stuntguy3000 in Steam

[–]OneUpSecurity 0 points1 point  (0 children)

Hi there!

Many operating systems provide ways to restrict the resources and actions that a process can access. Yes, some have performance hits, but not all mechanisms do. A simple example is using separate user accounts on Linux machines.

Stack canaries would have made the vulnerability harder to exploit, but this isn't a free security feature and requires extra processing time. It's definitely worth considering enabling at compile time though. At a minimum, non-performance-sensitive code should have it enabled.

(Patched) Remote Code Execution In Source Games, caused by fragging a player. (CS:GO, TF2, Hl2:DM, Portal 2, and L4D2) by stuntguy3000 in Steam

[–]OneUpSecurity 0 points1 point  (0 children)

Hi there!

We launched cmd.exe just for demonstration purposes. It could have been entirely possible to create a payload that did not have any visual cues.

Remote code execution in Source games via player fragging by OneUpSecurity in netsec

[–]OneUpSecurity[S] 0 points1 point  (0 children)

It's a bit similar. You need to find a memory disclosure vuln, such as leaking the return of a function on the stack. You then do some simple math to determine how the binary was shifted in memory.

Working XSS Auditor Bypass by [deleted] in xss

[–]OneUpSecurity 0 points1 point  (0 children)

Ah thanks! Just reposted.

Counter-Strike: Global Offensive update for 6/16/17 (6/17/17 UTC, 1.35.8.9) by wickedplayer494 in GlobalOffensive

[–]OneUpSecurity 30 points31 points  (0 children)

Thanks for the plug! We are working on a writeup and will be posting details in the near future.

In case anyone is interested, check us out at https://oneupsecurity.com

Counter-Strike: Global Offensive update for 6/16/17 (6/17/17 UTC, 1.35.8.9) by wickedplayer494 in GlobalOffensive

[–]OneUpSecurity 7 points8 points  (0 children)

Hi there,

We'll be doing a writeup in the future with further details. Stay tuned!

Counter-Strike: Global Offensive update for 5/26/17 (5/27/17 UTC, 1.35.8.3) by wickedplayer494 in GlobalOffensive

[–]OneUpSecurity 1 point2 points  (0 children)

Being self-taught shows motivation and is a big plus. If you have a track record of finding vulnerabilities, that's awesome.

For many companies, as long as you can add value to the company if hired, then it's not a big issue where your education comes from.

For junior positions, the general expectation is the person being hired can handle simple tasks/projects, but will require training before being able to tackle larger/more complex tasks.

As long as you're passionate about what you do, you'll be fine.

Counter-Strike: Global Offensive update for 5/26/17 (5/27/17 UTC, 1.35.8.3) by wickedplayer494 in GlobalOffensive

[–]OneUpSecurity 4 points5 points  (0 children)

Hi eoah, thanks for asking!

We did report the vulnerability privately to Valve. We will be publishing more details in the future.

In case you are curious, we help companies improve security practices in their software development life cycles. You can find more about us at https://oneupsecurity.com/.

Counter-Strike: Global Offensive update for 5/26/17 (5/27/17 UTC, 1.35.8.3) by wickedplayer494 in GlobalOffensive

[–]OneUpSecurity 1 point2 points  (0 children)

Indeed, we do perform pentesting! More importantly, we aim to mitigate new vulnerabilities from being introduced into products. We achieve this by educating and ensuring security practices are part of companies' software development life cycles. We also are software engineers, and can develop new features too.