By:n3o4po11o Project: STIG-4-Debian ##Why STIG? STIGs is bring by a government agency called The Defense Information System Agency(DISA), which is entity responsible for maintaining the security posture of the Department of Defence(DoD) IT infrastructure. After we heard how the NSA fuck this world from Mr.Sn0wd3n.We will pay more attention about how they do the defense. DoD use this Security Technical Implementation Guides to All DoD IT assets before online/operations. And the STIGs classification system based on Mission Assurance Catagory (I-III) and Confidentiality Level (Public-Classified), giving you 9 different possible combinations of config requirements.

by citypw and an anonymous dude “As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine.” — The Circle of Lost Hackers on Phrack issue 64 As long as there are bugs, there will be vulnerablities. As long as there are vulnerablities, there will be regular/stable/weaponized exploits. Bug hunting is one of most important issues that we’ve been fighting for decades in FLOSS community.

by zet Build the Clang Toolchains for Android The following process is used to build the Clang that is used by both the Android platfrom and the NDK. And this process is done in the AOSP tree. Both GNU/Linux and Windows toolchains are built on GNU/Linux machines. Windows host binaries are built with mingw. My developing environment is Linux Mint 17.3 Source versions in AOSP Create the work directory mkdir working_directory TOOLCHAINS_BUILD_TOP=work_direcory # optional, only for clear description # below export TOOLCHAINS_BUILD_TOP cd work_directory # build will be done in this directory There are two versions Clang/LLVM code tree in AOSP, the first is: aosp/platform/external/(clang|llvm), and the second is: aosp/toolchain/(clang|llvm).

By Pray3r -[ 0. About this documentation I am researching linux kernel exploitation for the outline and reference books/papers. I will keep update this list and share some of my findings on HardenedLinux. If you have any questions or suggestions don’t hesitate to contact me. -[ 1. Review Linux Memory Management -[ 2. Exploitation -[ 2.1 Attack Surface -[ 2.2 A Taxonomy of Kernel Vulnerabilities -[ 2.3 Finding VULNS/BUGS -[ 2.

By citypw –[ CONTENTS About this doc Build and install customized kernel with PaX/Grsecurity patch PaX flags: paxctl-ng & pax-bites Kernel tuning Networking Sandboxing: seccomp Crypto 6.1 Entropy 6.2 Daily bread ##–[ 0. About this documentation We just celebrated another new year a couple of days ago, which means it’s 2016 already. A another new year usually just brings us to another fight. FOSS is still our fortress, as always.

project STIG-4-Debian will be soonn…. Debian GNU/Linux security checklist and hardening –[ CONTENTS About this doc Security updates Vulnerability Assessment 2.1 GCC mitigation 2.2 0ld sch00l *nix file auditing 2.3 GNU/Linux’s auditd 2.4 T00ls Kernel security 3.1 Apparmor 3.2 SELinux 3.3 Mempo kernel 3.3.1 PaX\/Grsecurity SSL/TLS Checklist 4.1 Ciphersuites in Apache2/Nginx 4.2 OpenSSH 4.2.1 OpenSSH in post-prism era Web security 5.1 Web server( Apache/Nginx?) 5.2 WAF( Web Application Firewall) Security standard