0% Privacy
The channel is about anonymity, information security and the author's delirium in the convulsions of schizophrenia.
|kconfig-hardened-check|

🤙The Shizo is in touch!
🛡Today I will slowly begin covering the topic of Linux kernel security.
The kernel's internals have been taken apart more than a dozen times already; just keep in mind that the kernel exists to connect the low-level hardware with the high-level components of the operating system (processes).
For now we will not go into the level below (hardware) or the level above (user processes); we will focus on the kernel.

Just in case, I will note that code run by the system (Linux) on the processor executes in one of two modes, kernel mode and user mode, and memory is separated the same way. It follows that code executing in kernel mode has unrestricted access to the hardware, while in user mode our hands are relatively tied and we can interact with the kernel through the system call interface (SCI).

Now to the topic of the post.
The Linux kernel actually has many ways and mechanisms to enhance security.
As for the hardening options, most of them are not enabled in distributions out of the box.
To simplify checking the configs, I advise using kconfig-hardened-check; after the check, we enable the options we need by hand.
After all, anonymity also requires a highly secure system. kconfig-hardened-check can be used just to check the Kconfig parameters and the kernel cmdline parameters.

The author of the tool needs no introduction: Alexander Popov is a Linux kernel developer who works at Positive Technologies and is also a security researcher.
On the subject of kernel defence, his Linux Kernel Defence Map is worth noting.

It is quite simple to use:
1️⃣first, go to the directory where you placed a copy of the repository
2️⃣run the kconfig-hardened-check binary located in the repository's bin directory with the "-c" key (checks the kernel's kconfig file for compliance with the settings), passing the kernel configuration file /boot/config-kernel-version as its argument, and check the kernel cmdline file located in the /proc directory using the "-l" flag
The full launch will look like this:
./bin/kconfig-hardened-check -c /boot/config-kernel-version -l /proc/cmdline

#linux #kernel #security
👍2🤮1
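What a check of this kind boils down to, as an added example that is not code from kconfig-hardened-check or from the post: a minimal Python parser for the Kconfig file format and the kernel cmdline, compared against a small illustrative subset of hardening expectations. The checklist, the sample config and the sample cmdline are constructed assumptions; the real tool's rule set is much larger.

```python
import re

# Illustrative subset of expectations (assumption, not the tool's rule set).
# None means the option must be absent or "is not set".
KCONFIG_EXPECT = {
    "CONFIG_STACKPROTECTOR_STRONG": "y",
    "CONFIG_RANDOMIZE_BASE": "y",
    "CONFIG_STRICT_KERNEL_RWX": "y",
    "CONFIG_DEVMEM": None,
}
# Boot parameters that switch mitigations off and should not be on the cmdline.
CMDLINE_FORBIDDEN = {"nokaslr", "nopti", "mitigations=off"}

SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Map option name -> value; options marked 'is not set' map to None."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := SET_RE.match(line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := UNSET_RE.match(line):
            opts[m.group(1)] = None
    return opts

def audit(kconfig_text, cmdline_text):
    """Return (name, expected, found) for every failed check."""
    opts = parse_kconfig(kconfig_text)
    findings = []
    for name, want in KCONFIG_EXPECT.items():
        got = opts.get(name)  # an option missing from the file counts as not set
        if got != want:
            findings.append((name, want or "is not set", got or "is not set"))
    for param in sorted(CMDLINE_FORBIDDEN & set(cmdline_text.split())):
        findings.append((param, "is not set", "present"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_KCONFIG = """\
CONFIG_STACKPROTECTOR_STRONG=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_DEVMEM=y
"""
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nokaslr"

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE_KCONFIG, SAMPLE_CMDLINE):
        print(f"FAIL {name}: expected {want}, found {got}")
```

Note that a commented `# CONFIG_X is not set` line and a missing option are treated the same way, which is why the parser records both forms instead of skipping comment lines.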
🔓 An interesting article, in my opinion, from mrd0x about social engineering methods for obtaining initial access. After all, as you know, such a process often calls for creative skills, so I recommend reading it in full.

#socialEngineering
👍41
🔄hmmm, Microsoft messed up again...
Office removed the default macro block, and now it will be easier to distribute malware.

#microsoft #office #malware
😁6👍1
🤙Have a great weekend and all the best, dear subscriber.
13
|AppSec Ezine|

📰438th Edition
Release Date: 08/07/2022
pathonproject
github

#ezine #appsec #infosec
👍3
🕵️‍♂️The results of testing the disk creation function in DFT version 1.0 using the Computer Forensics Tool Testing (CFTT) methods, in the form of CFTT FRRT to create an image of the 5th version.

This procedure was needed to verify the accuracy of the results produced by the DFT tool, version 1.0.
In addition to this test, I am also attaching the one for Tableau TX1 Forensic Imager Version 21.3.

#forensics #CFTT #DHS #SandT #NIST
👍3
Forwarded from Смерть со вкусом♡ (Vicki🇺🇦?)
tor_sistem эпопея.pdf
5.4 MB
You wanted it, here you go
6👍2