security

lscpu vulnerabilities and mitigation

lscpu vulnerabilities and mitigation I recently learned about the lscpu command and was excited to see the architecture information. However, there is a section at the end where it shows lots of vulnerabilities. I did some Google searching and, after going through forums and articles, came to know it is an architectural issue from Intel for their …

Total answers: 1

LUKS encryption: Hide disk unlock target on boot

LUKS encryption: Hide disk unlock target on boot I would like to hide the device name of the LUKS-encrypted disk that is supposed to be unlocked during boot on Kali Purple. Currently whenever I boot my system there is a password prompt and below a small text banner which reads "Please unlock disk sda1_crypt" (example …

Total answers: 1

Is it possible to find out when a user changed their password?

Is it possible to find out when a user changed their password? Or to see which user caused the security notice that /etc/spwd.db was changed? Asked By: tink || Source On OpenBSD, you need to start process accounting with the accton command: touch /var/account/acct # The file has to exist before accton accton /var/account/acct To …

Total answers: 2

Permission denied when opening a file in gdb

Permission denied when opening a file in gdb I'm implementing some CTF challenges. The flags are in some text files that get read by the programs. To protect the flags I have changed the owner of the files, but have set the setuid bit on the executables to be able to read the files. It works …

Total answers: 1

Run shellcode as root in a buffer overflow attack?

Run shellcode as root in a buffer overflow attack? I’m trying to exploit the following code: #include <stdio.h> #include <string.h> int main(int argc, char** argv){ char buffer[100]; strcpy(buffer, argv[1]); return 0; } with the following command ./vuln $(python -c "import sys; sys.stdout.buffer.write(b’x90’*60 + b’x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x89xc1x89xc2xb0x0bxcdx80x31xc0x40xcdx80′ + b’x40xd6xffxff’*6)") The first part is the NOPs, the second part …

Total answers: 2

Heavy UDP/sunrpc network usage to unknown IP addresses

Heavy UDP/sunrpc network usage to unknown IP addresses In the last week or so, my network monitor has indicated that my desktop computer has started periodically sending ~0.7MB/s out over my ethernet connection (eno). I understand very little about network protocols, but have been trying to figure out what processes are responsible for this heavy …

Total answers: 1

Totally Legit Signing Key <mallory@example.org>

Totally Legit Signing Key <mallory@example.org> I run: gpg --list-keys I get: pub rsa1024 2014-01-26 [C] <REMOVED> uid [ unknown] Totally Legit Signing Key <mallory@example.org> Can this be dangerous? What is this? The address mallory@example.org is confusing. Asked By: Ohumeronen || Source The mallory keys were keys added to demonstrate that short key identifiers are easily …

Total answers: 1

Detecting used API calls for an application

Detecting used API calls for an application I need to run a proprietary C++ application under Linux and I need to understand if it contains any functions outside the advertised features. Is there a way to list all the API calls that the application makes, granted it doesn't use Linux syscalls and only uses standard stdc++ …

Total answers: 1

What's the deal with gitlab (and github?) security?

What's the deal with gitlab (and github?) security? I just wanted to raise an issue (ie. report a bug) in some software package hosted on gitlab. I have a github account, but not a gitlab one. Whenever I log in from a new device (github), I need to "authorize" the new device. Now, I tried …

Total answers: 1

How to check permissions of a non sudoers user with full root access?

How to check permissions of a non sudoers user with full root access? doas is a sudo-like command recently packaged in Debian 12, Ubuntu Jammy (universe) and some other Linux distros. A non-sudoers user (doasuser) can be added to /etc/doas.conf to be granted root access. Detailed instructions are on the Debian Wiki. Problem: The doasuser isn't …

Total answers: 2

Clamscan viruses scanning, too many viruses

Clamscan viruses scanning, too many viruses I installed ClamAV to check for some malware. It took much time, 4 hours, to scan my PC, and the results are in this screenshot: I am on Ubuntu 22.04 and tried to stay safe, but I wanted to double-check my PC integrity. Moreover, as you can see I …

Total answers: 3

Is noexec a standard setting for home?

Is noexec a standard setting for home? I have been told that noexec is a standard setting for /home folder for development environments. Can someone provide some references? Using noexec on /home prevents applications like IDEs, editors, etc. from working properly as expected. Asked By: user1221647 || Source I have been told that noexec is …

Total answers: 3

CVE-2023-3824, CVE-2023-3823 on PHP

CVE-2023-3824, CVE-2023-3823 on PHP I have a focal machine ("Ubuntu 20.04.6 LTS") with php 7.4 installed (7.4.3-4ubuntu2.19), a vulnerability scan warned me about CVE-2023-3824, CVE-2023-3823 in PHP but the following: https://ubuntu.com/security/CVE-2023-3824 https://ubuntu.com/security/CVE-2023-3823 https://ubuntu.com/security/cves?q=&package=php7.4 It states that this machine is "Not vulnerable"; does anybody know how to get more details on this? I took a look …

Total answers: 2

How do you mitigate the Terrapin SSH attack?

How do you mitigate the Terrapin SSH attack? The Terrapin Attack on SSH details a "prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH’s secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or …

Total answers: 2

Why is user.max_user_namespaces enabled in Ubuntu by default?

Why is user.max_user_namespaces enabled in Ubuntu by default? I'm looking into kernel exploits in recent years; approx 80% of them require user.max_user_namespaces with a positive value. This setting is disabled in CentOS since the 6.X series, but enabled in all recent Ubuntu LTS releases. The conclusion seems to be "Ubuntu is more easily exploitable" due to …

Total answers: 1

Why is my LAN cable opening an UDP port on my computer?

Why is my LAN cable opening an UDP port on my computer? OS: Debian 12 I'm working on my OPSEC pretty often because security is very important to me. Now I have a new router which opens a port on my computer when I plug in the LAN cable. When I disconnect the LAN cable, …

Total answers: 2

Client apps are opened in wrong vnc display

Client apps are opened in wrong vnc display I use Ubuntu 22.04; GNOME (Wayland); tightvncserver. When I open a client, like mate-calc, on vncviewer display :3, it pops up on the console of the computer (display :0) instead of the vnc viewer display :3. My xstartup file: #!/bin/sh XDG_SESSION_TYPE=x11 unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS /usr/bin/startplasma-x11 The command on the …

Total answers: 1

Find CVE fixed in linux-image-generic

Find CVE fixed in linux-image-generic I want to know which CVEs are fixed in linux-image-generic, but this information is unavailable in the changelog: apt changelog linux-image-generic | cat Where can I find it? Asked By: daisy || Source Please note that linux-image-generic is a meta-package that will always depend on the latest generic kernel image available …

Total answers: 1