Collaborate Disseminate
I understand the point of IAT/IDT/ INT and dynamically loaded DLLs at runtime. The OriginalFirstThunk in the Import Directory table refers to the function names stored (in the case of an ordinal) in the Import Lookup/Name table and in the … Continue reading OriginalFirstThunk in memory
I’m connected to an open router and I keep seeing this localhost thing in my Android kernel I have never seen it before. Can someone tell me what it is?
I want to monitor systemcalls with bpftrace (https://github.com/iovisor/bpftrace/). For most systemcalls, this works without problems, but I have problems to monitor applications, where the suid bit is set.
Folowing syscalls are monitored … Continue reading Linux BPFtrace – user switch from suid bit applications not detected
user namespaces in Linux are presented as a security feature, which should increase security. But is this really true?
Is it possible that while user namespaces fix one kind of problem, they introduce another, unexpected, problem with pote… Continue reading user namespaces: do they increase security, or introduce new attack surface?
My current understanding is that the user does not have any way of knowing the kernel address space layout due to the protection mechanisms such as Kernel Address Space Layout Randomization (KASLR).
However, I see that if I use cat /proc/i… Continue reading Can I know kernel address layout and memory mapped IO layout from the user privilege in linux kernel?
I have no experience of kernel programming or anything low level. I just watched this video and at 21:10 the presenter started to talk about modifying kernel memory using two pointers.
From my understanding he simply points pointer A to so… Continue reading Why does this method of modifying kernel memory work?
In fscrypt, master key is received from userspace and actual encryption keys are derived from this master key using KDF. If any other process is able to get hold of the master key, they can unlock the encrypted directory and access the con… Continue reading fscrypt master key handling at kernel space adding additional secure params
Jack Wallen walks you through two different methods of installing the latest Linux kernel on Ubuntu 22.04.
The post How to install Linux kernel 6.0 on Ubuntu 22.04 appeared first on TechRepublic.
Continue reading How to install Linux kernel 6.0 on Ubuntu 22.04
I am still studying kernel credential management (https://kernel.org/doc/html/v5.9/security/credentials.html) and I have encountered a use case I cannot explain.
I am in a VM (Kali).
❯ uname -a
Linux cactus-ths 5.18.0-kali5-amd64 #1 SMP … Continue reading Explanation of capabilities: CAP_NET_BIND_SERVICE
I am doing some security research on Kubernetes and I found something still mysterious to me, concerning capabilities.
Example of simple pod:
apiVersion: v1
kind: Pod
metadata:
name: my-pod-httpd
spec:
containers:
– name: my-pod-http… Continue reading Capabilities DROP in container of Kubernetes pod running with specific UID