add slide about protections

index.html

@@ -152,7 +152,7 @@ C is full of holes, let's get to know one.
 
 Old skool, so no OS or hardware protections. Which today is mostly relevant in IoT. (Remember, the `S` in `IoT` stands for Security.)
 
-Stack smashing is making use of a buffer overflow vulnerability in code using variables on the stack. This type of vulenrability has been known for a long time. This attack was first properly documented in Phrack #49.
+Stack smashing is making use of a buffer overflow vulnerability in code using variables on the stack. This type of vulnerability has been known for a long time. This attack was first properly documented in Phrack #49.
 
 .footnote[Phrack #49(http://www.phrack.org/issues/49/14.html#article)]
 ]
@@ -355,6 +355,23 @@ Binary here: https://wizeazz.nl/smash/code/demo
 ]
 ---
 template: inverse
+# Protections
+---
+.left-column[
+## Protections
+]
+.right-column[
+- Stack canaries<br>
+  Place a value before the return address and check if it's been changed before returning from a function.
+- Nonexecutable stack<br>
+  W^X (write or execute) won't execute code on the stack (but will still follow return addresses).
+- Randomization<br>
+  Change function and stack addresses around so whenever a program is executed the locations are different.
+
+All these can be worked around given the right conditions. They just make things annoying, euh, harder.
+]
+---
+template: inverse
 # DIY
 ---
 .left-column[