Collaborate Disseminate
Trusting kernel drivers is bad. Is there something we can do to have at least an idea about what it does?
For example, let’s suppose an armv8a linux kernel. I’d search for all the syscalls, which according to https://stackoverflow.com/a/12… Continue reading Is it possible to determinate which functions a kernel module calls?
I was reading a few articles online about how some firmware can be altered into malware and essentially infect a hardware equipment for its entire life time.
Like almost all SSDs in the industry specially the ones intended for desktop use … Continue reading What are the dangers of a firmware malware in 2021 and is it possible?
I am attempting to exploit HEVD kernel driver buffer overflow challenge:
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
However when running the below code my windows 7 machine doesn’t execute the desired shellcode (assign c… Continue reading Assigning memory address of shellcode to buffer (for buffer overflow input)
When I do in linux root shell cat /boot/System.map-$(uname -r) it returns me segments of memory but there is a big gap around phys_startup_64:
00000000000228c0 D softnet_data
0000000000022a80 d rt_uncached_list
0000000000022ac0 d rt6_uncac… Continue reading How to get information about segments of physical memory not described in System.map on linux
Forenote: I’m not familiar with how virtualisation works on a low-level (but I’d certainly like to learn) so this question could arise from ignorance.
Example Scenario: One virtualised router is connected to a networked device. Appropriate… Continue reading Can a host OS be attacked through the network stack?
Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreessen Horowitz and Google. In addition, the company today officially launched its Cilium Enterprise platform (which was in stealth until now) to help enterprises connect, observe and secure their […] Continue reading With $29M in funding, Isovalent launches its cloud-native networking and security platform
Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Continue reading Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
I’d like to have a table of executables that are allowed to be run on the machine with everything else not getting executed even when the executable flag is set. For instance via a config file like this:
| command | location … Continue reading Is there a way to specify in a table which executables (via locations & hashes) are allowed to run on Debian? [migrated]
as far as my understanding goes, an OS needs to implement some sort of reference monitor, as the entity which grants or denies permissions as an access control decision.
Furthermore, I think the Linux kernel does this by providing Linux Se… Continue reading Linux security modules (LSM) and reference monitor implementation
Intel and Google are urging users to update the Linux kernel to version 5.9 or later. Continue reading Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices