Author: Wei Reviewer: Shawn Chang Revision: 0.1 Abstract: This article presents a step-by-step guide to the container hardening process on the GNU/Linux operating system. For demonstration, we create a containerized application using the Podman container platform and Pandoc. The hardening begins with creating a customized Seccomp policy profile by analyzing system calls for the container process and applying the profile. Then, MAC tools such as AppArmor and SELinux are set up on the host OS t...| HardenedLinux
Authors: • Wei • Shawn Chang Revision: 0.2 Abstract: In modern operating systems, application sandboxing has become an effective security mechanism to confine the permissions of run-time programs, thereby reducing the risk that other applications and core system components are affected by a program’s malicious behavior. Although the development of sandbox solutions on GNU/Linux operating systems falls relatively behind compared to some proprietary systems an...
By Anonymous How to access websites hostile toward Tor through Tor Tor is an effective tool that allows us to access network services anonymously. Unfortunately, certain network services, often websites, are hostile toward Tor and employ various methods to block TCP connections originating from Tor exit nodes. However, they usually accept TCP connections that do not originate from Tor exits. Therefore, to access these Tor-hostile websites, one approach is to route the traffic through a pr...
By HardcoreMatrix The HardcoreMatrix team specializes in firmware and infrastructure security, supply chain security, and threat modeling. We vividly illustrate the severe consequences that underlying threats pose to enterprise and personal information security. One “Leak” can rule them all! In March 2023, Micro-Star International (MSI) suffered a significant attack orchestrated by the Money Message ransomware group. Unfortunately, this is not just another random leak. The aftermath revea...
The seeds of HardenedLinux were planted in 2010, and by 2014, the fruits of our exploratory journey began to take shape. In 2014, Shawn C [a.k.a “citypw”] took the initiative to launch the HardenedLinux community project, marking the official beginning of their involvement. Recognizing the importance of sustained development and maintenance, Shawn extended their support by providing essential funding. This enabled the project to employ dedicated full-time maintainers, ensuring continuous ...
Assuming that you’re a hardware hacker fully passionate about making a new product and you don’t want to build your own factory by tweaking around the soldering workbench or PnP psychopunk machine, it’s likely you’ll end up somewhere (Asia: Shenzhen/Hong Kong/Vietnam/etc., EU: Estonia/Germany/Sweden/etc., Americas: New Jersey/Mexico City/etc.) that fits your needs, due to the trend toward regional supply chains. You may encounter some problems no matter how the supply chain was formed.
OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools. It currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a SystemVerilog project, but currently Yosys only supports a small subset of SystemVerilog, so we need sv2v to convert...
Exploit use-after-free bugs in dedicated cache This is just a demonstration. HOWTO: free the target object; spray and eat all available memory, taking high memory usage and hoping to have the freed object poisoned; trigger the use-after-free. NOTICE: For each cache, the Slab allocator keeps three doubly-linked lists of slabs: full slabs (all objects of a slab are used, i.e. allocated); free slabs (all objects of a slab are free, i.e. the slab is empty); partial slabs (some objects of the slab are used and ...
by Shawn C [a.k.a “citypw”] Meltdown/Spectre Google Project Zero’s write-up explains how the vulnerabilities (Meltdown, Spectre v1/v2) work. For more info about v3a and v4, check Google Project Zero’s bug tracker and INTEL-SA-00115. Vulnerability | Affected | Kernel mitigation | Compiler support; v3 Meltdown (rogue data cache load, CVE-2017-5754) | < IceLake (2018/2019) | KPTI/PAX_UDEREF | N/A; Spectre v1 (bounds check bypass, CVE-2017-5753) | < IceLake (2018/2019) | Code hardening | N/A; Spectre v1.1 (Bounds...
For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places. — Ephesians 6:12 Original art design - The Fellowship of Libre firmware: Hunting the Shadow First Chapter: The Arrival of the Prophet Since the birth of the technology deity, the free software/firmware/hardware community has faced numerous adversaries, and Intel ME (Management Engine) stands as one of the most clandest...
Principle of OTR protocol Diffie–Hellman (DH) key exchange Diffie–Hellman key exchange is performed between integers and a finite cyclic group. From here on, integers are represented with lowercase letters, elements of the cyclic group are represented with uppercase letters, and “==” is used to represent mathematical identity. Properties of finite cyclic groups The number of elements of a finite cyclic group is finite (as its name suggests) and is called the order of the group.
=== Abstract perf is a complex subsystem in the Linux kernel, and it has had other vulnerabilities like CVE-2013-2094. Di Shen, a member of Keen Team, presented a paper (Defeating Samsung KNOX with zero privilege)[1] that mentioned CVE-2016-6787[2]. Analysis of CVE-2016-6787 This is a double-free vulnerability. The vulnerable object is struct perf_event_context. Review the code below first; the main bug is in the if(move_group) statement, thus setting move_group to 1 is necessary. We will talk about how t...
Install the prerequisite packages: Or if you are using PaX/Grsecurity 4.9.x: Install the CHIPSEC Firmware security checklist based on CHIPSEC According to the firmware security training from McAfee Advanced Threat Research, CHIPSEC modules perform a couple of checks for auditing purposes: Issue | CHIPSEC Module | References; SMRAM Locking | common.smm | CanSecWest 2006; BIOS Keyboard Buffer Sanitization | common.bios_kbrd_buffer | DEFCON 16; SMRR Configuration | common.smrr | ITL 2009, CanSecWest 2009; BIOS Pro...
Security Promotion: Mandatory TLS Connection for XMPP Although, according to RFC 7590 “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)”, TLS is recommended for XMPP connections, it is not mandatory. Despite the consensus reached by XMPP communities in 2014 to switch XMPP to mandatory encryption, there are still some XMPP service providers that support non-encrypted connections as a fallback along with TLS. This will probably lead to some securit...
HardenedLinux: The way to the Ark PaX/Grsecurity stopped providing public access to the test patch on Apr 26 2017. In the FAQ of the announcement, the PaX team and Spender listed a couple of reasons why they did this. As some people already know, it’s not the whole story. As a result of a discussion inside h4rdenedzer0, we believe that the Linux Foundation is the culprit behind commercial/individual/community users losing access to the test patches.
By citypw Mission impossible: Hardening the x86 based core infrastructures “Once upon a time, hackers lived in a world full of libre/free software/firmware/hardware”… oh, wait, it hasn’t happened yet. Not sure if we can make it happen. It totally depends on the decisions we make today. Some people might think we have already lost our freedom on x86, because there are a bunch of shitty binary blobs during boot/runtime (Who’s gonna watch the watchers?
By citypw PaX/Grsecurity –> KSPP –> AOSP kernel: Linux kernel mitigation checklist (Sep 18 2017) We should treat security as a whole, just like the combination of PaX/Grsecurity features and code hardening builds up a defense-in-depth solution for the Linux kernel, which is a core infrastructure we highly rely on. PaX/Grsecurity is a set of security-hardening patches that brings Linux kernel security to another level. It’s of great value to make the whole FLOSS community benefit...
Author: persmule Mail: persmule@hardenedlinux.org 00 ME: Management Engine First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs, which is separate from the northbridge), or the PCH chip replacing the ICH (for Core i3/i5/i7, which is integrated with the northbridge). The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to ...
Build debug environment for the dynamic linker of Glibc @(Toolchains)[Glibc|dynamic-linker|gdb|gcc] 00 Prologue Recently my work needed some research on the dynamic linker of Glibc; when I use gdb to step from the PLT of an executable or shared library into the Glibc source in the usual way, I see this: [...] |0xf7ff04b3 mov 0x10(%esp),%edx | >|0xf7ff04b7 mov 0xc(%esp),%eax | |0xf7ff04bb call 0xf7fea080 [...] (gdb) si [...] 0x0804852b in stub@plt () 0x08048500 in ?
Announcement HardenedLinux is a FLOSS community focused only on FLOSS security, and we have nothing to do with any commercial organizations. The h4rdenedzer0 team and other contributors have their own day jobs, and we’ve been contributing to HardenedLinux in our night job time. We encourage commercial organizations to contribute to FLOSS projects. h4rdenedzer0 is the credit for those long-term contributors. Anyone who has not had any activities in the HardenedLinux community or other FLOSS security projects for more tha...
Reproducible builds for PaX/Grsecurity A series of scripts was created to do reproducible builds of the Linux kernel with the PaX/Grsecurity patch set. Thanks to: PaX/Grsecurity, the Mempo project, the Debian GNU/Linux Community, Shawn C [a.k.a “Citypw”], Linux From Scratch. Without the contributions of these projects, communities and people, the scripts could not have been accomplished. The project’s GitHub repo is at https://github.com/hardenedlinux/grsecurity-reproducible-build . Why do reproducible builds? Reproducib...
By: n3o4po11o Project: STIG-4-Debian ## Why STIG? STIGs are published by a government agency called the Defense Information Systems Agency (DISA), which is the entity responsible for maintaining the security posture of the Department of Defense (DoD) IT infrastructure. After we heard from Mr. Sn0wd3n how the NSA fucks this world, we will pay more attention to how they do the defense. DoD applies these Security Technical Implementation Guides to all DoD IT assets before they go online/into operations. And the STIGs classific...
by citypw and an anonymous dude “As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine.” — The Circle of Lost Hackers in Phrack issue 64 As long as there are bugs, there will be vulnerabilities. As long as there are vulnerabilities, there will be regular/stable/weaponized exploits. Bug hunting is one of the most important issues that we’ve been fighting for decades in the FLOSS community.
by zet Build the Clang Toolchains for Android The following process is used to build the Clang that is used by both the Android platform and the NDK, and this process is done in the AOSP tree. Both GNU/Linux and Windows toolchains are built on GNU/Linux machines. Windows host binaries are built with mingw. My development environment is Linux Mint 17.3 Source versions in AOSP Create the work directory mkdir working_directory TOOLCHAINS_BUILD_TOP=working_directory # optional, only for clear descript...
By Pray3r -[ 0. About this documentation I am researching Linux kernel exploitation for the outline and reference books/papers. I will keep updating this list and share some of my findings on HardenedLinux. If you have any questions or suggestions, don’t hesitate to contact me. -[ 1. Review Linux Memory Management -[ 2. Exploitation -[ 2.1 Attack Surface -[ 2.2 A Taxonomy of Kernel Vulnerabilities -[ 2.3 Finding VULNS/BUGS -[ 2.
By citypw –[ CONTENTS About this doc Build and install customized kernel with PaX/Grsecurity patch PaX flags: paxctl-ng & pax-bites Kernel tuning Networking Sandboxing: seccomp Crypto 6.1 Entropy 6.2 Daily bread ##–[ 0. About this documentation We just celebrated another new year a couple of days ago, which means it’s 2016 already. Another new year usually just brings us to another fight. FOSS is still our fortress, as always.
project STIG-4-Debian will be soon…. Debian GNU/Linux security checklist and hardening –[ CONTENTS About this doc Security updates Vulnerability Assessment 2.1 GCC mitigation 2.2 0ld sch00l *nix file auditing 2.3 GNU/Linux’s auditd 2.4 T00ls Kernel security 3.1 Apparmor 3.2 SELinux 3.3 Mempo kernel 3.3.1 PaX/Grsecurity SSL/TLS Checklist 4.1 Ciphersuites in Apache2/Nginx 4.2 OpenSSH 4.2.1 OpenSSH in post-prism era Web security 5.1 Web server( Apache/Nginx?) 5.2 WAF( Web Application Fir...
Update (May 28 2015) The porting work of the PaX patch is already done. We tested it with Towel & KINGROOT. The result was as expected: they all failed to root Android 5.0.2 with a kernel code base from 2014. Perhaps we might try to bring GRSEC & RBAC into Android in the future……… armv7-nexus7-grsec PaX/Grsecurity patch for Nexus 7, whose original version is based on the 3.4 kernel with a bunch of backported features and fixes.| hardenedlinux.org
Sanitizer is the most effective way to enhance memory safety. Fuzzers help as well! Fil-C...