What's the most secure OS out of the box?

And why is it windows 10?

Cool, MS finally caught up to 1998. Maybe in a couple of decades we can get C99 support too.

I have no idea what you're trying to imply here, could you elaborate so we can have a conversation about it?

There is no C99 support in Windows, lmao.

No shit? Is your point that you can't write secure code in C89? Because if it is you're a fucking idiot.

KEKEKEK

uh.. yes you can.. just because you don't have source code doesn't mean you can't audit it you fucking idiot.

Go buy OPs product.

Forgive me if this is a stupid question. How can an OS not support C99? I thought that it was the compiler's job to do that, and the OS didn't matter. Is it that Windows doesn't provide the right libc for C99?

Why do you think Stallman started by writing GCC when he began the GNU project?

so you're telling me without access to the compiler we can't audit the binaries it produces? fuck off.

You have me confused with user, user, I'm user, not user.

you seem to be on the wrong board, /g/ is over there

Pick one.

Windows has dozens of complex services and dozens of complex drivers running by default. Each exposing multiple interfaces which can be attacked via ALPC/RPC/Pipes, ioctls, DLL/Code Injection, Memory mapping vulnerabilities, Local sockets, Filesystem vulnerabilities.

Oh also UAC is useless. explorer.exe can be injected by any medium integrity process, and have its AicLaunchAdminProcess() function hooked so that whenever you start a process as admin, the actual process started will be something an attacker controls without your knowledge.
blog.cylance.com/trick-me-once-shameonuac

Not to mention all the other UAC vulnerabilities.

Hardened Gentoo Linux.

If that's your actual name, you're gonna have a bad time.

Holla Forums is dead.

Go for it. explain.


Control. Flow. Guard.


That sounds like a threat towards OP.

He's gonna be doxxed is all I'm saying, not that I'm gonna be bothered by doing it.

bother myself*
No hablo Ingles

aand

technically for Holla Forums but applies here too

are you from reddit?

please user.

doxing != doxxing

doxing probably started on /i/

only reddit fags call doxing doxxing

also fucking funny how someone who doesn't normally go on imageboards asks a question and because you can't argue reasons why, you just drop his dox. (which is public, so whatever)

Following the guide you posted
Since this board is becoming more and more like Holla Forums every day.

Genuine retardation.
Please quote my post where I posted his personal info. I'll be waiting.

Holy shit. Beware ye all who enter, this thread has devolved to kindergarten level argumentation.

...

ikr
it's beautiful

...

see

It's called reading comprehension. That smug anime face also fully validates your argument.

upvoted, where can i gift 4chan gold?

odili cared
I care
besides you may wonder why you get a copy of playboy magazine every month to your door.

Hey Ilfak, I pirated IDA 6.8.
and radare2 is better

hahaha disregard, i suck cocks

hey how's that decompiler working out for you? :^)

also nice roll faggot

shoo shoo pajeet

thanks fam
enjoy your explorer.exe vuln i guess

...

explorer.exe vuln? any file named explorer.exe is vulnerable? damn that's a huge issue. abandon windows now!

it's obvious you've never audited large applications

get your head out of your ass and read the posts above.

how much time do you spend in the basement?

with a medium integrity process running you could also keylog someone for their admin password, I'm not saying it's not an issue but I dunno how you'd mitigate that.

VLCSetupFull.exe

could you explain?

sometimes, in the real world, people want real, proprietary software audited
that's when you break out your favorite debugger, disassembler and decompiler

I have. But I mainly reverse engineer malware, or applications protected by packers. Decompilers will fail to properly express ideal semantics (or anything at all) on these because a lot of the time the assembly was generated via an obfuscating algorithm rather than C/C++ source code.

there's a good plugin by a community member that universally detects the original entry point of a file and unpacks it, then decompiles it. I'd be happy to send you a demo, what's your email?

Wow, now I feel bad for being unfriendly earlier.
(Also I would pay for IDA if I actually had money.)

You can contact me at [email protected]

There's a student discount which is usually somewhere between 10-20% depending on situation, it's assessed on a case by case basis.

...

I didn't know about that.

Oh I recently had an idea, but I don't have the time/resources to implement it. But have you ever thought of augmenting the decompiler with machine learning?
You could train it on multiple compilers gcc/msvc/icc and compile open source projects. The algorithm could then be trained on a representation of the code and data to output the source that it was compiled from.

Hell, you could even auto-generate syntactically correct C code and compile that as training data.

>>>/g/

Low quality bait, OP.

youtube.com/watch?v=HZmAeyNM-TM

exploit-db.com/search/?action=search&description=windows 10

The most secure OS out of the box is Gentoo.
/thread

comparing security of Windows and any other big OS is like comparing whether males or females are more vulnerable to cancer

By representation of code and data I mean something along the lines of an AST

This is actually unpatchable. Holy kekkle.

Problem with this is that you don't only need to know the source code, but also the compiler and the parameters passed to it. If you know all that data, you don't really need a neural network or curve fitting algorithm as much as you need a massive database of equivalences.

What you could do, though, is train a neural network to identify the compiler version and flags passed to it of any given executable, but you would need a hell lot of resources to get all those compilers and try out every possible flag with them.

Anyway, decompiling helps in understanding a program, but it's not miraculous. A lot of data is lost when compiling to machine code and you will never be able to do stuff such as recovering variable names, so you can't really make a breakthrough in decompiling because it's as good as it can get right now.

mingw.org/
mingw-w64.org/doku.php
gcc.gnu.org/c99status.html

This is true on some level, but certain optimizations can be signals which can tell you what parameters were passed to it. For example if stack frames aren't present you can be certain that, that option was turned off. Of course some optimizations/features are easier to detect than others, the ones that don't actually change semantics and just reorder instructions would obviously be the hardest to detect.

Actually neural networks are quite good at storing equivalences if you don't mind a bit of fuzzy logic in them. Some equivalences will be quite similar to others and share the same synapses at the cost of a little degradation in accuracy.

I agree 100%. I wanted to do this but I calculated I would have to buy a $30,000 GPU-accelerated server to do it in a reasonable amount of time.

That's true, but I have a hypothesis that there is a lot more data than we currently are using, little nuances in the way a data structure is accessed and the types of function calls around it that can be used to recreate many things such as variable names and function names to a very close to original form.
With a powerful enough learning algorithm you could theoretically pick up on the psychological tendencies of software engineers and the typical patterns they use.

meant to reply to

Dear venerable Mr. Ilfanov-sama, could you share some advice on how to do stack analysis on machine level IR?
Specifically how to convert memory access to variables, like mem2reg of LLVM but on binary built from C language.
Currently I'm beginning academic work on reoptimisation of compiled binaries.

FreeDOS.
No network drivers out of box: no chance of outside tampering.
No GUI: normalfags can't do command line.
Limited scope: it's installed primarily on things that don't need to be secured.

That's completely fucking useless. You can do that to any operating system, as long as:
a. You have physical access to the machine
b. Full disk encryption isn't used

Gentoo is just as vulnerable to that attack as any other. Hell, gentoo is more vulnerable to this sort of attack because you don't even need a recovery CD to do it. As long as the bootloader isn't locked off, you can simply append "init=/bin/bash" to the end of the linux line, and you'll be dropped into a root shell.
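
A defender-side check for the bootloader condition described in the post above, as an added example that is not part of the thread: it reports whether a GRUB 2 config requires a superuser password before the kernel line can be edited. The function name, exit codes and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GRUB 2 grub.cfg for boot-entry edit protection.
# Exit status of grub_edit_locked (hypothetical helper name):
#   0 = editing entries needs a superuser with a hashed (PBKDF2) password
#   1 = no superuser/password: anyone at the console can edit the linux line
#   2 = protected, but only by a plaintext "password" line in the config
#   3 = file not readable
grub_edit_locked() {
    cfg=$1
    [ -r "$cfg" ] || return 3
    # Drop comments so a commented-out directive is not counted.
    body=$(sed 's/#.*$//' "$cfg")
    # Last 'set superusers="a,b"' wins; an empty value means no protection.
    users=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' |
        tail -n 1 | tr -d '"'"'" | tr ',;|&' '    ')
    [ -n "$(printf '%s' "$users" | tr -d ' ')" ] || return 1
    status=1
    for u in $users; do   # assumes plain alphanumeric user names
        if printf '%s\n' "$body" |
            grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$u[[:space:]]"; then
            return 0
        elif printf '%s\n' "$body" |
            grep -Eq "^[[:space:]]*password[[:space:]]+$u[[:space:]]"; then
            status=2
        fi
    done
    return $status
}

# Constructed sample configs (not taken from any real system).
tmp=$(mktemp -d)
cat > "$tmp/open.cfg" <<'EOF'
menuentry 'Gentoo' {
    linux /vmlinuz root=/dev/sda2 ro
}
EOF
cat > "$tmp/locked.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
menuentry 'Gentoo' --unrestricted {
    linux /vmlinuz root=/dev/sda2 ro
}
EOF
for f in open locked; do
    rc=0; grub_edit_locked "$tmp/$f.cfg" || rc=$?
    echo "$f.cfg -> $rc"
done
```

On a real machine the function would be pointed at the generated config (commonly `/boot/grub/grub.cfg`, though the path varies by distribution). As the post notes, a bootloader password does not help against offline access to an unencrypted disk.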

TempleOS

Green Hills RTOS?

That's bullshit, and you just showed how you never even approached working at an audit firm.

Nobody calls reverse engineering "audit" because it ain't, stop talking out of your ass.

Wow, so I made an off the cuff remark about the image you posted and the retard brigade steps in. Anyway, what I meant was that your image seems to imply the VS compiler just recently got support for some form of stack smashing protection, while it's been a Unix feature since 1998.

Wow I'd never heard of this, it's good to see microsoft pushing new things into their OS in terms of security.

If I'm understanding from some quick reading, it's basically seccomp, no?

I have to wonder how much runtime overhead it adds, and how effective they actually are at profiling behaviour.

I still think that OpenBSD's pledge is the best scenario. Zero overhead and only a little bit of extra work on the part of developers.

seccomp with a profiler*

FUCKING NAMEFAG WINSHIT NORMIES
GET THE FUCK OFF MY Holla Forums
REEEEEEEEEEEEEEEEEEEEEEEE

...

Poor bait 3/10

Now fuck off now, back to reddit/twitter

Heh. And if you're a proprietary lover, why not vxworks?

Actually, I changed my mind. 1/10

Nice thread, bro.

Ehh. Sure VxWorks is fine. But Green Hills probably has the most intensive attacks directed against it in history of computing, both friendly and not. They are in a whole different league and I don't think the 'proprietary vs. not' has a lot of play in this domain in the first place tbh.

...

those aren't a part of the Windows OS so he's actually right

sage

>>>/suicide/


kek

Windows 10 has the most diverse userbase therefore it is the most resistant against different types of biological attacks

literal bloat.

(Unless you happen to be Gentoo)

It's pretty simple to install Gentoo to a chroot, and unmerge dev tools or package managers. I do that to get Gentoo on my netbook, but I leave portage and configure it to use distcc, so I can update the netbook without completely reinstalling everything.

If it's the most secure, why does it steal your data and send it to Microsoft which in turn sells it to everyone from shady advertisers to government people?

Checkmate.

To answer the question, it's OpenBSD.