Collaborate Disseminate
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET and NetX – which are commonly pre… Continue reading New DNS vulnerabilities have the potential to impact millions of devices
I am considering using OpenZFS on FreeBSD. I am not quite sure how secure native OpenZFS encryption is? If somebody steals my server and the disks, is he able to decrypt the files?
In a Discord room I found a possible answer:
Native ZFS e… Continue reading Is native OpenZFS (on FreeBSD) block-level encryption secure?
I’m doing a pentest on a FreeBSD machine running CuppaCMS. Already managed to login into the CMS with admin privilege, but it only takes me to a manager menu, with some options to change some tables and stuff like that, no RCE visible esca… Continue reading LFI to RCE through User-Agent
With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. “USBFuzz discovered a total of 26 new bugs, including 16 memo… Continue reading New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows
In my cybersecurity course, we installed a lab in VirtualBox with Pfsense (Bridged Adapter) and several other VMs (Connected to Pfsense’s internal network adapters). It was a success.
My question is, what challenges will I face if I do th… Continue reading What challenges will I face if I install Pfsense on my home router?
You can find many claims online regarding BSD jails being “better” in some way than Linux namespaces for containment, but they typically lack technical details.
From what I understand, the attack surface is pretty much equivalent (shared … Continue reading Do BSD jails protect against some vulnerability class that LXC doesn’t?
OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.
The other… Continue reading Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive. Continue reading Linux users warned to update libarchive to beat flaw
Suppose one is running a single internet-facing daemon, as a service in a FreeBSD jail, and expects targeted hostile attacks targeting open WAN ports and services.
Like many services, the service and indeed its jail don’t ne… Continue reading Tightly locking down a FreeBSD jail
A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers…. Continue reading UNIX Co-Founder Ken Thompson’s BSD Password Has Finally Been Cracked