
Search results for "kernel mode heap corruption": 1 - 22 of 22

  • Linux Hardening Guide | Madaidan's Insecurities

    Last edited: March 19th, 2022 Linux is not a secure operating system. However, there are steps you can take to improve it. This guide aims to explain how to harden Linux as much as possible for security and privacy. This guide attempts to be distribution-agnostic and is not tied to any specific one. DISCLAIMER: Do not attempt to apply anything in this article if you do not know exactly what you ar

  • Low-Level Software Security for Compiler Developers

    1 Introduction Compilers, assemblers and similar tools generate all the binary code that processors execute. It is no surprise then that these tools play a major role in security analysis and hardening of relevant binary code. Often the only practical way to protect all binaries with a particular security hardening method is to have the compiler do it. And, with software security becoming more and

  • CVE-2021-22555: Turning \x00\x00 into 10000$

    CVE-2021-22555: Turning \x00\x00 into 10000$ Andy Nguyen (theflow@) - Information Security Engineer CVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Goog

  • The V8 Sandbox · V8

    After almost three years since the initial design document and hundreds of CLs in the meantime, the V8 Sandbox, a lightweight, in-process sandbox for V8, has now progressed to the point where it is no longer considered an experimental security feature. Starting today, the V8 Sandbox is included in Chrome's Vulnerability Reward Program (VRP). While there are still a number of issues to resolve be

  • OpenSSH: Release Notes

    OpenSSH Release Notes OpenSSH 9.7/9.7p1 (2024-03-11) OpenSSH 9.7 was released on 2024-03-11. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed

  • Attacking Titan M with Only One Byte

    Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip. Introduction During the last year and a half, we (Damiano Melotti, Maxime Rossi Bellom & Philippe Teuwen) studied the Titan M, a security chip introduced by Google in their Pixel smartph

  • GitHub - blaCCkHatHacEEkr/PENTESTING-BIBLE: articles

    -1- 3 Ways Extract Password Hashes from NTDS.dit: https://www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: https://www.hackingarticles.in/3-ways-to-capture-http-password-in-network-pc/ -3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty: www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/ -4-BugBou

  • Windows 10 update KB4549951 causes BSODs, Bluetooth/WiFi problems and system crashes | SoftAntenna

    It has been found that KB4549951, the latest monthly update for Windows 10 Version 1903/1909, is causing multiple problems (MSPoweruser). First, there are reports that KB4549951 fails to install correctly; in such cases error messages such as 0x8007000d, 0x800f081f and 0x80073701 are reportedly displayed. Even when installation completes normally, various kinds of problems appear to occur, including Bluetooth and Wi-Fi issues, BSODs, system crashes and reduced performance. On the Microsoft Community forums there are comments such as "after applying KB4549951, Bluetooth no longer appears in Device Manager and stopped working" and "the Wi-Fi adapter appears in Device Manager but can no longer connect to the internet

  • Safer Usage Of C++

    Safer Usage Of C++ This document is PUBLIC. Chromium committers can comment on the original doc. If you want to comment but can't, ping palmer@. Thanks for reading! Google-internal short link: go/safer-cpp Authors/Editors: adetaylor, palmer Contributors: ajgo, danakj, davidben, dcheng, dmitrig, enh, jannh, jdoerrie, joenotcharles, kcc, markbrand, mmoroz, mpdenton, pkasting, rsesek, tsepez, awhalle

  • dbs-002.dvi

    Foundations and Trends® in Databases Vol. 1, No. 2 (2007) 141–259 © 2007 J. M. Hellerstein, M. Stonebraker and J. Hamilton DOI: 10.1561/1900000002 Architecture of a Database System Joseph M. Hellerstein1, Michael Stonebraker2 and James Hamilton3 1 University of California, Berkeley, USA, hellerstein@cs.berkeley.edu 2 Massachusetts Institute of Technology, USA 3 Microsoft Research, USA Abstra

  • Blue Team Rust: What is "Memory Safety", Really?

    08-02-2020 update: Reddit discussion here, Hacker News here. Appreciate all the community feedback! Tools shape both their user and their result. Paradigms of C and C++ have molded generations of systems programmers; the ubiquity and staying power of both languages is a testament to their utility. But the resultant software has suffered decades of memory corruption CVEs. Rust, as a compiled langua

  • New Old Bugs in the Linux Kernel

    Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to yourself "Wait a minute, that can't be right"? That's the position we found ourselves in when we found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. Unlike most things that we find gathering dust, these bugs

  • A Look at iMessage in iOS 14

    Posted By Samuel Groß, Project Zero On December 20, Citizenlab published "The Great iPwn", detailing how "Journalists [were] Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit". Of particular interest is the following note: "We do not believe that [the exploit] works against iOS 14 and above, which includes new security protections". Given that it is also now almost exactly one year ag

  • Linux Security Hardening and Other Tweaks

    Linux Security Hardening and Other Tweaks by @blakkheim Last updated: 10/30/2023 This page lists the changes I make to a vanilla install of Arch Linux for security hardening, as well as some other changes I find useful. Most of the changes will work on any Linux distro that's reasonably up to date. It's not a one-size-fits-all setup, but hopefully certain pieces will be useful to anyone wanting a

  • Introduction to SpiderMonkey exploitation.

    Introduction This blogpost covers the development of three exploits targeting SpiderMonkey JavaScript Shell interpreter and Mozilla Firefox on Windows 10 RS5 64-bit from the perspective of somebody that has never written a browser exploit nor looked closely at any JavaScript engine codebase. As you have probably noticed, there has been a LOT of interest in exploiting browsers in the past year or t

  • Finding LogoFAIL: The Dangers of Image Parsing During System Boot | Binarly – AI-Powered Firmware Supply Chain Security Platform

    Binarly REsearch team investigates vulnerable image parsing components across the entire UEFI firmware ecosystem and finds all major device manufacturers are impacted on both x86 and ARM-based devices. [ See previous blog post "The Far-Reaching Consequences of LogoFAIL" preview of Black Hat EU presentation ] As discussed in our previous blog, security defects in image parsers expose significant at

  • The More You Know, The More You Know You Don't Know

    A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we've looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploi

  • The Android kernel mitigations obstacle race

    The Android kernel mitigations obstacle race. In this post I'll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I'll look at various mitigations that are implemented on modern Android devices and how they affect the exploit. In this post, I'll exploit a use-after-free (UAF) bug,

  • Concurrency Patterns in Embedded Rust

    How should you do concurrency in an embedded no_std application? There's no built-in support for time-sliced threads in core; that abstraction is only available in std (see std::thread). The latest stable release brought the async/await feature to no_std thanks to our compiler work. Should you always use that instead? Is cooperative scheduling appropriate for all kinds of embedded applications? Wha

  • [ OpenSSL 3.0 Series Release Notes ] - /news/openssl-3.0-notes.html

    OpenSSL 3.0 Series Release Notes The major changes and known issues for the 3.0 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog. Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024] Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) Fixed Excessive time sp

  • DEF CON 27 Hacking Conference Presentation

    Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime Jeff Dileo DEF CON 27 call_usermodehelper("/bin/sh",(char*[]){"/bin/sh","-c","whoami",NULL},NULL,5) • @chaosdatumz • Agent of chaos • Unix aficionado • Principal Consultant / Research Director @ NCC Group • I like to do terrible things to/with/in: • programs • languages • runtimes • memory • kernels • packets • bytes • ... Outline • Intro

  • Two kids found a screensaver bypass in Linux Mint

    Dirty stream attack poses billions of Android installs at risk | ZLoader Malware adds Zeus's anti-analysis feature | Ukrainian REvil gang member sentenced to 13 years in prison | HPE Aruba Networking addressed four critical ArubaOS RCE flaws | Threat actors hacked the Dropbox Sign production environment | CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog | Panda Restaurant Group