Forwarded from BlackBox (Security) Archiv
Huawei HKSP Introduces Trivially Exploitable Vulnerability
5/11/2020 Update: We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.
Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.
The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.
We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.
Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
https://www.openwall.com/lists/kernel-hardening/2020/05/10/3
https://api.github.com/repos/cloudsec/hksp/events
#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Security things in Linux v5.8
https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/
#linux #security #kernel
Linux Kernel Security Done Right
https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html
#Linux #Kernel #Security
0xor0ne@infosec.exchange - Nice three-part series on Linux kernel exploitation
Part 1: https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
Part 2: https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/
Part 3: https://lkmidas.github.io/posts/20210205-linux-kernel-pwn-part-3/
#Linux #infosec #cybersecurity #kernel
0xor0ne@infosec.exchange - Great website if you need a quick reference to Linux kernel syscalls (numbers)
https://syscalls.mebeim.net
#Linux #kernel #programming
0xor0ne@infosec.exchange - Very cool series about persistence in Linux environments
Persistence map: https://pberba.github.io/assets/posts/common/20220201-linux-persistence.pdf
Auditd, Sysmon, Osquery: https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
Account Creation and Manipulation: https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
Systemd, Timers, and Cron: https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/
Initialization Scripts and Shell Configuration: https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration/
Systemd Generators: https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
#Linux #kernel #malware #cybersecurity #infosec