Tips and tricks to understand some typical vulnerabilities and how to mitigate them following tips and tricks from an attacker's mind. In this presentation, we going to meet a lot of Linux kernel module generators for custom hardening.
Author: CoolerVoid Tips and tricks to understand some typical vulnerabilities and how to mitigate them following an untypical intelligent approach. abr. 17, 2022 Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
”Vudo Malloc Tricks” by Michel ”MaXX” and ”Once Upon A free()” defined the exploitation of overflowed dynamic memory chunks on Linux. late 2004, a series of patches to GNU libc malloc implemented over a dozen mandatory integrity assertions, effectively rendering the existing techniques to exploit obsolete. Malloc Maleficarum by Phantasmal Phantasmagoria dl.packetstormsecurity.net/papers/attack/MallocMaleficarum.txt cwe.mitre.org/data/definitions/122.html github.com/shellphish/how2heap Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
ptmalloc2 – glibc dlmalloc - Linux, android jemalloc – FreeBSD and Firefox tcmalloc – Google libumem – Solaris Hoard - CISCO, SAP and CreditSuisse Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
late 2010 DieHard Allocator: An error-resistant memory allocator for Windows, Linux, and Mac OS X microsoft.com/en-us/research/video/dieharder-securing-the-heap/ github.com/emeryberger/DieHard In late 2017 FreeGuard: A Faster Secure Heap Allocator arxiv.org/abs/1709.02746 In late 2019 GrapheneOS’s Hardened malloc: Successor to a previous implementation based on extending OpenBSD malloc with various additional security features. github.com/GrapheneOS/hardened_malloc Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
Figure: Yes, Java needs libC to run and use other resources like C libraries and syscalls. Yes, we are going to talk about kernel memory allocation soon. Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
library CVE-2014-0160 A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. https://www.openssl.org/news/secadv/20140407.txt Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
LibreSSL Memory sanitization is a central feature in LibreSSL that is lacking in OpenSSL. Prior to the deallocation of objects, LibreSSL explicitly zeros out memory using OpenBSD’s explicit_bzero(3) function. This proactively reduces the impact of memory exposure in the event of a future vulnerability or an unprivileged process that gains control of a tainted memory segment. Google’s BoringSSL Currently BoringSSL is the SSL library in Chrome/Chromium and Android. BearSSL, MatrixSSL, mbedtls, PolarSSL, lib sodium and soon Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
fuzzing! AFL! Figure: Magic the gathering card, dark depths by Mathias Kollros Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
of each resource Linux’s seccomp() function OpenBSD’s Pledge() function Restrict a Container’s Syscalls with seccomp kubernetes.io/docs/tutorials/security/seccomp/ github.com/antitree/syscall2seccomp Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
using the proper vault Uses a safe library example LibreSSL and lib sodium Use safe algorithm for cryptography following OWASP, CERT and NIST. Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
system resources Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Not even the root has permission to see the files or make actions like edit and remove. The files only can be caught, edited, and deleted if the user sends a proper key to the custom device. github.com/CoolerVoid/casper-fs Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
libraries A tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities Uses pkg-config resource to list all operational system libraries github.com/CoolerVoid/master_librarian Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
Vision2 analyses the Nmap XML scanning results, parses each CPE context, and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services Uses nmap result to search security issues following NVD github.com/CoolerVoid/Vision2 Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
generate a Linux kernel module for hidden and custom rules with Netfilter hooking. (block ports, Hidden mode, firewall functions) The motivation: in a bad situation, an attacker can put your iptables/ufw to fall. But if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access because it has a hook to netfilter on kernel land(think like a second layer for Firewall). github.com/CoolerVoid/HiddenWall Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
SLAF is a Shared Library Application Firewall ”SLAF”. It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks like buffer overflow, path traversal, XXE and SQL injection. So to detect anomalies, Spock uses Deterministic Finite Automaton with rank scores to compute risks and create alerts for each context. github.com/CoolerVoid/spock_slaf Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
coolervoid
satoshi7190
sonatard
bkuhlmann
pyama86
kentaroutakeda
polamjag
konifar
chiroruxx
okashoi
stewemetal
yossydev
hursman
shlominoach
aleyda
philhawksworth
jmmastey
vanstee
quramy
brettharned
tammyeverts
eileencodes
chriscoyier
bluesmoon
