
Writing a Linux Kernel Remote in 2022

In this post the author aims to shed some light on remote kernel exploitation, through the lens of a recent remote stack overflow (CVE-2022-0435) discovered by our Threat Advisory Services team. The author noticed when working on this bug that the …

Build a LAMP Server on Ubuntu 14.04 Desktop

This video tutorial will show how to turn an Ubuntu 14.04 desktop into a LAMP server. Watch as I install Apache, MySQL, and phpMyAdmin to have a test server for building web pages. I also install VSFTP for an FTP server. Finally, I install Webmin for a web interface and even set up WordPress to use locally.

Account Password Security: Advanced Edition

Just the Steps: What follows is a discussion on how to use file sync software like Dropbox and encryption software like TrueCrypt to securely and conveniently access an offline password database like those created through KeePassX on every device. The idea is to create a small encrypted file container with TrueCrypt, place the password database inside of it, and sync the file container using Dropbox. Then on any device access the file container in Dropbox, decrypt and mount it with TrueCrypt, and load the password database with KeePassX; this only has to be done once until a device is shut …

Account Password Security: Basic Edition

The Short Version: Sharing credentials (usernames and passwords) between the numerous online accounts we have is a difficult, dangerous habit to break. I propose the following steps as a manageable way to fix the problem:

- Select password database software like KeePassX or LastPass and, if necessary, complementary mobile apps
- Track down all of the online accounts you’re aware of and scour your email account(s) for accounts you’ve forgotten; for each account:
  - If you no longer care about the account, delete with prejudice (pkill -9 $account) if possible
  - If two-factor authentication is available, set it up
  - Remove any non-critical personal information, …

Unix/Linux Bash: Critical security hole uncovered

By Steven J. Vaughan-Nichols for Networking

Bash, aka the Bourne-Again Shell, has a newly discovered security hole. And, for many Unix or Linux Web servers, it’s a major problem. Like many others, I use Bash for my default desktop and server shell, which means I need to get it patched as soon as possible. The flaw involves how Bash evaluates environment variables. With specifically crafted variables, a hacker could use this hole to execute shell commands. This, in turn, could render a server vulnerable to ever greater assaults. By itself, this is one of those security holes where an attacker would …

[TUTORIAL] Building Virtual Machine on Linux Operating System

A virtual machine is a machine or computer that runs virtually on a computer. It’s like having another computer inside one computer. A virtual machine has a lot of functions. For example, if you want to run an application, but it can only work on another…

Linux Hacking Tools

Nessus – this tool can be used to scan configuration settings, patches, networks, etc. It can be found at https://www.tenable.com/products/nessus

NMap – this tool can be used to monitor hosts that are running on the server and the services that they are utilizing. It can also be used to scan for ports. It can be found at https://nmap.org/

SARA – SARA is the acronym for Security Auditor’s Research Assistant. As the name implies, this tool can be used to audit networks against threats such as SQL Injection, XSS, etc. It can be found at https://www-arc.com/sara/sara.html

The above list is not exhaustive; …