Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?

My host is Fedora, and I want to add an extra layer of protection against 0-day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted malicious Windows executable on the window…

How to lock and unlock VMware or VirtualBox VMs with a fingerprint device? [migrated]

Is it possible to lock and unlock VMs in VirtualBox or VMware using a fingerprint device in Linux? I know that VMware’s latest versions support TPM, but I want to encrypt and unlock the entire Virtual Machine content with a FingerPrint dev…

How to only allow whitelisted processes to access a certain file using SELinux?

Let’s say you have an important file/folder, and want to only allow certain processes (based on process name, or its corresponding ELF file on the disk, or the digital signature of the corresponding ELF, etc.) to read/write to that file. How…

How to completely restrict Steam in Linux to defend against remote zero day exploits?

My question is, how can I completely restrict Steam’s processes and modules to only have access to what they are supposed to, and not be able to do anything malicious, for example running bin/sh or accessing files that it shouldn’t?
Basically, …

If I connect to a VPN server using Cisco AnyConnect or PPTP protocol which has an invalid certificate, can they sniff my HTTPS data?

Let’s say I have connected to a VPN server using Linux with the help of the Cisco AnyConnect protocol or PPTP protocol.
Now when I try to connect to it, it says:
The certificate may be invalid or untrusted!
Reason: signer not found

I kinda kn…

What is the equivalent of the Autoruns tool in Linux for finding suspicious startup executables? [migrated]

In Windows, the Autoruns tool is a really helpful tool for forensic investigators to help them find suspicious startup executables and filter out the benign ones.
But I couldn’t find anything good like this in Linux, so what is the easiest way to achie…

How do AVs scan the file in websites that claim they don’t send the files to AVs like Nodistribute.com? [on hold]

So for example one of the famous alternatives to VirusTotal, aka Nodistribute.com, claims that it doesn’t send the file to AVs, but if it doesn’t, then how can they scan it? Just by checking the hash? If so, wouldn’t that make …

What are the requirements for third party apps to install kernel drivers on Windows?

Can any application install a kernel driver? If not, then how does Windows decide who can and who cannot?
If AVs can install kernel drivers, considering they are an application with an installer just like the rest of the apps, then what stops mal…

What is the most common way for big companies to secure their end point computers from malware? [on hold]

I was wondering how big companies secure each computer from malware compared to home users? What is the most common way of doing it?

For example, do they install an AV on each computer and also use some NIPS/NIDS on some rou…