An initial release of pltsec has been made. pltsec is a patch against OpenBSD 3.7-STABLE for i386 that blocks procedure linkage table (PLT) hijacking attempts by detecting malicious writes to the PLT.



The patch can be downloaded here.

A new release of itrace has been made. The main change has been the addition of memory inspection, as well as numerous bugfixes.



Source can be downloaded here.

The next version of dlmalloc (v2.8) is slated to include a variant of the heap protection patch as a compile-time option. As a result, the versions hosted here are now deprecated in favor of the officially supported version in glibc.

Snort alert verification v0.9.6 has been released for snort v2.1.3. The patch can be downloaded from the project download page.

Snort alert verification v0.9.5.1 has been released, which updates the preferred Nessus libraries to v2.0.10 and addresses an RPM build error reported in v0.9.5. The patch and source archive can be downloaded here.

The v0.9.5 snort-av patch has been backported to Snort v2.0.6, and can be downloaded at the usual place.

An update to our alert verification patch to Snort has been released which updates the upstream Snort source to v2.1.0 as well as fixes a FreeBSD build issue. The current patch and pre-patched Snort source archive can be fetched from the project software page.

An initial release of itrace, a dynamic application execution tracer, has been made. I find it useful in reverse engineering stripped binaries, perhaps you might as well. I have quite a list of improvements I would like to make to this tool, though, including bringing its featureset closer to strace, improving its support for reverse engineering, as well as porting its functionality to more platforms and architectures.



Source can be downloaded here.

A new release of our glibc heap protection patch is now available. This update incorporates fixes for several issues, including a potentially exploitable weak seeding of __heap_magic discovered by Eugene Tsyrklevich, and a vmalloc chunk magic bug reported by Kyle Sallee.

A new release of our glibc heap protection patch is now available. This update fixes the inclusion of x86 assembly in a protection macro which would cause builds to fail on non-x86 architectures. A number of compilation warnings regarding missing chunk pointer casts within protection macros have also been addressed.