#linux Articles


Weird Things Are Afoot In The Honeypot

Here's something you don't see every day. The logs from my SSH honeypot show someone brute-forcing the password for root and then executing:

    ls /data/data/com.android.providers.telephony/databases

This is a strange directory to look for because it's where Android devices store the SQLite databases for SMS …

How ASLR Helps Enable Exploits (CVE-2013-2028)

The other day I was playing around with CVE-2013-2028 along with my peer Hong Hu when we came across something odd: CVE-2013-2028 is only exploitable on 64-bit GNU/Linux when ASLR is enabled. After confirming this observation multiple times, we were left very surprised. How could ASLR possibly worsen the …

Intel PT Data at Rest: A Compression Experiment

Full Disclosure: I am a researcher in Georgia Tech's ISTC-ARSA, which is funded by Intel. Although I reference two publications that share Xinyang Ge and Weidong Cui as authors, I am neither associated with them nor Microsoft Research at the time of writing. Intel Processor Trace (PT) is a powerful …

Intel Processor Trace, execvp, and ptrace

Lately, I've been playing around with Intel Processor Trace (PT), an x86 hardware feature that allows for complete tracing of process control flows. As part of my research, I've been developing my own Linux driver and user program to control PT. Tracing can be configured using a handful of model …

Getting the CR3 value for a PID in Linux

Writing low-level code can be difficult due to the lack of examples on the internet. The answer is generally sitting somewhere in a 3,000 page manual where only the most dedicated programmers will find it. Last week I had such an experience. Currently my research involves a lot …

How Orange Helps You Sleep At Night

Originally written for the Syracuse University College of Engineering blog. Everyone at Syracuse University knows that orange is the very best college color, but who knew it could also help you sleep? Research conducted in recent years has shown that sleep problems are on the rise and one theory gaining …

Installing psad on Raspberry Pi Running Arch Linux

I've been fooling around with IDS and specifically psad and I thought it would be fun to try installing psad on my Raspberry Pi. Little did I know, installing psad on an ARM processor running Arch Linux with systemd is not a simple process. It took me great effort to …