HardenedLinux

We are "patient" zero, so we hardened ourselves!

Oct 13, 2024 - 16 minute read - Research

Container Hardening Process

This is a step-by-step guide to the container hardening process on the GNU/Linux operating system. A containerized application (Podman with Pandoc) has been created for demonstration. The process begins with applying a customized Seccomp policy profile created by analyzing the system calls made by the container process. Then, MAC tools (AppArmor and SELinux) are set up on the host OS to protect file systems from being accessed arbitrarily. Some suggestions and discussion of further hardening options are given at the end.

Aug 20, 2024 - 21 minute read - Research

GNU/Linux Sandboxing - A Brief Review

This paper is an incomplete review of the sandbox solutions on the GNU/Linux operating system, covering the often-used or commonly studied solutions. It also introduces the interfaces to be restricted by an application sandbox and, at the end, discusses the idea of application sandboxing. Hopefully, it can be a reference for the GNU/Linux communities, including users, package maintainers, and application developers.

Jan 17, 2024 - 6 minute read - Research

How to access websites hostile toward Tor through Tor

By Anonymous. Tor is an effective tool that allows us to access network services anonymously. Unfortunately, certain network services, often websites, have hostility towards Tor and employ various methods to block TCP connections originating from Tor exit nodes. However, they usually accept TCP connections that do not originate from Tor exits. Therefore, to access these Tor-hostile websites, one approach is to route the traffic through a proxy server after exiting the Tor network.

Sep 7, 2023 - 5 minute read - Research

Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys

By HardcoreMatrix. The HardcoreMatrix team specializes in firmware and infrastructure security, supply chain security, and threat modeling. We vividly illustrate the severe consequences that underlying threats pose to enterprise and personal information security. One “Leak” can rule them all! In March 2023, Micro-Star International (MSI) suffered a significant attack orchestrated by the Money Message ransomware group. Unfortunately, this is not just another random leak. The aftermath revealed a leak of internal data, including highly sensitive information such as the BootGuard private key.

Feb 10, 2021 - 17 minute read - Research

Cheap PCB story

Assume that you’re a hardware hacker passionate about making a new product, and you don’t want to build your own factory by tweaking around the soldering workbench or a PnP psychopunk machine. You’re likely to end up somewhere (Asia: Shenzhen/Hongkong/Vietnam/etc, EU: Estonia/Germany/Sweden/etc, Americas: New Jersey/Mexico City/etc) that fits your needs, due to the trend of regional supply chains. You may encounter some problems no matter how the supply chain was formed.

May 14, 2020 - 11 minute read - Research

OpenTitan RTL synthesis with Yosys using sv2v and RTL-to-GDS generated by OpenROAD

OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools. It currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a SystemVerilog project, but Yosys currently supports only a small subset of SystemVerilog, so we need sv2v to convert the source code to Verilog.