Collaborate Disseminate
I have no experience of kernel programming or anything low level. I just watched this video and at 21:10 the presenter started to talk about modifying kernel memory using two pointers.
From my understanding he simply points pointer A to so… Continue reading Why does this method of modifying kernel memory work?
In fscrypt, master key is received from userspace and actual encryption keys are derived from this master key using KDF. If any other process is able to get hold of the master key, they can unlock the encrypted directory and access the con… Continue reading fscrypt master key handling at kernel space adding additional secure params
Jack Wallen walks you through two different methods of installing the latest Linux kernel on Ubuntu 22.04.
The post How to install Linux kernel 6.0 on Ubuntu 22.04 appeared first on TechRepublic.
Continue reading How to install Linux kernel 6.0 on Ubuntu 22.04
I am still studying kernel credential management (https://kernel.org/doc/html/v5.9/security/credentials.html) and I have encountered a use case I cannot explain.
I am in a VM (Kali).
❯ uname -a
Linux cactus-ths 5.18.0-kali5-amd64 #1 SMP … Continue reading Explanation of capabilities: CAP_NET_BIND_SERVICE
I am doing some security research on Kubernetes and I found something still mysterious to me, concerning capabilities.
Example of simple pod:
apiVersion: v1
kind: Pod
metadata:
name: my-pod-httpd
spec:
containers:
– name: my-pod-http… Continue reading Capabilities DROP in container of Kubernetes pod running with specific UID
I tried to debug my android phone using mvt-android on kali linux, and guess what happened, my samsung phone started flickering (pink screen) all of a sudden that i had to restart it, then i re-plugged it to my laptop, and now it’s chargin… Continue reading Hijacked android phone (not detected by windows and cannot reset it)
Background Information
As I developer I am running multiple (partly virtual-)machines with Debian GNU/Linux and on some of these machines I work with highly confidential documents or dangerous executables like malware. (research and analyt… Continue reading Was the kernel I used vulnerable/deprecated?
I would like to monitor some COM object/interfaces to identify if a program is using them.
I only managed to monitor the associated DLL loading (with Microsoft-Windows-Kernel-Process) but I can’t go any further. I used python but I also di… Continue reading Is it possible to monitor COM class/interface by using ETW
I want to know what security features is added or improved in each Linux kernel release, is there anything like "security change log"?
I couldn’t find it on the internet, the only thing I found is this: https://github.com/iovisor… Continue reading Linux kernel changelog for security features [migrated]
I understand the difference between a Ring-0 rootkit and a Ring-3 rootkit, in terms of their hierarchical depth in computational models. That is kernel mode and usermode, respectively.
I am confused as to whether there is a difference betw… Continue reading Is there a difference between a bootkit and a ring-0 rootkit?