Collaborate Disseminate
Logwatch shows that proftpd was tried to be logged into using root
0.0.0.0 (111.254.68.221[111.254.68.221]) – SECURITY VIOLATION: Root login attempted
I found:
Normally, proftpd does not allow root logins under any circumstance. If a clie… Continue reading SECURITY VIOLATION: Root login attempted – Which password is affected?
In the previous article of this series, “Wireless Pentesting Part 2 – Building a WiFi Hacking Rig”, we discussed building a WiFi hacking rig. We covered the hardware, operating systems, and software requirements for setting up your own wireless pentest… Continue reading Wireless Pentesting Part 3 – Common Wireless Attacks
Context: I own a machine; I trust root and all the accounts. I virtualize untrusted guests using KVM, and don’t want them to escape.
When /dev/kvm has the right permissions, non-root users can run KVM guests. Does this bring any security a… Continue reading What are the security risks of running QEMU/KVM as root?
“So, I heard back from the team. They really liked you, but I had no idea that you’ve just been promoted. The policy is that if you’ve been promoted, you have to wait a full year before you can change departments. I’m so sorry. … Continue reading BBP: You’ve Just Been Promoted…
I have a system where root user is sysadm_u. When the user tries to start at job, get this error “execle: couldn’t get security context for user root”.
After going through the source code of at and other selinux docs, the issue seems to b… Continue reading selinux : root as sysadm_u not able to start at job
Researchers say the bugs are easy to exploit and will likely be weaponized within a day. Continue reading Salt Bugs Allow Full RCE as Root on Cloud Servers
For Example
Is it safer to do:
$ sudo [cmd] [args] [enter user password]
or
$ su – [enter root password]
# [cmd] [args]
I always assumed they are the exact same thing, because sudo utilizes setuid-root, so the process that is … Continue reading Does sudo ever de-escalate privilege while the program/command/service is running?
A couple of zero-day vulnerabilities found in the MacOS version of the Zoom video conferencing application could let attackers elevate their rights to root or to gain access to the microphone and camera. Just a couple of days ago, Zoom removed the Face… Continue reading Zoom for macOS Has a Couple of Dangerous Zero-Day Vulnerabilities
My understanding is that if Issuer and Subject fields for same, the certificate is self-signed and must be a root certificate. I’m trying to do this comparison in code but facing issues.
m_X509_NAME *R_CDECL2 = X509_get_subject_name( p… Continue reading How to determine whether the certificate is a root certificate
PowerShell has gained popularity with SysAdmins and for good reason. It’s on every Windows machine (and now some Linux machines as well), has capabilities to interact with almost every service on every machine on the network, and it’s a com… Continue reading WMI 101 for Pentesters