New Release of Glibc Heap Analysis Plugins
After quite some time and work, I’m happy to announce the new release of the Linux Heap Analysis Plugins, which are now part of the Rekall project, but not yet part of an official Rekall release, so you have to grab them manually.
This release fixes several bugs and adds the following features:
Tag: Linux
Creating Static Binaries for Nmap, Socat and other Tools
In various scenarios it might be helpful or even required to have a statically compiled version of Nmap available. This applies to e.g. scenarios where only limited user privileges are available and installing anything to the system might not be desirable.
Let’s talk about RFC 6980
Following my work with the FreeBSD implementation of RFC 6980 I was happy to present my work at last week’s DENOG 9 meeting.
To make it available to anyone who did not meet me there and go into some more detail that would have exceeded the boundaries of the talk, I will cover the topic here.
DFRWS USA 2017
As mentioned in my last blogpost, I had the pleasure to participate in this year’s DFRWS USA and present our paper. The paper and presentation can be freely viewed and downloaded here or here. Note that there is also an extended version of the paper, which can be downloaded here.
The keepassx, zsh and heap analysis plugins are now also part of the Rekall release candidate 1.7.0RC1, so it’s easier to get started.
The conference had some great talks and workshops, which I’m going to briefly sum up.
Release of Glibc Heap Analysis Plugins for Rekall
I’m happy to announce the release of several Glibc heap analysis plugins (for Linux), as well as plugins to gather information from keepassx and zsh, which are now included in the Rekall Memory Forensic Framework. This blogpost will demonstrate these plugins and explain how they can be used. More detailed information, including real world scenarios, will be released after the talk at this year’s DFRWS USA.
Solving sound issues when using WebEx with Linux and Firefox
Hello everybody,
Some of you might use WebEx in your daily life. And some of you might use Linux (as I and many of us do). However, this combination often results in issues with your PC’s sound or microphone use in a WebEx session.
The problem here is that WebEx won’t run as intended with Firefox and JRE x64. But the solution is quite easy! Use the x86-versions of each.
Probably you don’t want to replace your x64 versions of either of them — and neither do I. So I wrote a little script which helps you to quickly switch to the x86 versions, while you still have the x64 versions installed. And here is how to do it:
Hardening Against Local PrivEsc: Protecting Your Links
Following up on this post, we want to provide some details on two rather new (well, relative to the kernel’s lifespan) Linux kernel parameters — and emphasize the need to enable those:
- fs.protected_hardlinks
- fs.protected_symlinks
Revisiting an Old Friend: Shell Globbing
One interesting observation we make when testing complex environments is that at the bottom of huge technology stacks, there is usually a handful of shell scripts doing interesting stuff. More often than not these helper scripts are started as part of cron jobs running as root and perform basic administrative tasks like compressing and copying log files or deleting leftover files in temporary directories. Of course, these high privileges make them an interesting target for privilege escalation attacks, and one class of vulnerability we reliably encounter in shell scripts is unsafe handling of globbing or filename expansion.
IPv6 Hardening Guide for Linux Servers
We were recently approached by a customer asking us for support along the lines of “do you have any recommendations as to strict hardening of IPv6 parameters on Linux systems?”. It turned out that the systems in question process quite sensitive data and are located in a few rather small network segments with very high security requirements.