We are "patient" zero, so we hardened ourselves!

Feb 9, 2018 - 17 minute read - Research

Federated XMPP with OTR (Off-the-record v3) to protect privacy for Linux user

Principle of OTR protocol Diffie–Hellman (DH) key exchange Diffie–Hellman key exchange is performed between integers and a finite cyclic group. Started here, integers are represented with lowercase letters, while elements of the cyclic group are represented with uppercase letters, and “==” is used to represent mathematical identity. Character of finite cyclic groups The number of the elements of a finite cyclic group is finite (as its name), and is called the order of the group.

Oct 16, 2017 - 6 minute read - Research

Exploiting on CVE-2016-6787

=== Abstract perf is a complex system in linux kernel, and exists other vulnerabilities like CVE-2013-2094. Di Shen, a member of Keen Team, presetated a parper (Defeating Samsung KNOX with zero privilege)[1] that mentioned CVE-2016-6787[2]. Analysis of CVE-2016-6787 This is a double-free vulnerability. The vulnerable object is struct perf_event_context. Review below code firstly, the mainly bug is in the if(move_group) statement; thus set move_group to 1 is necessary. We will talk about how to set the variable move_group up in later section.

Jul 31, 2017 - 2 minute read - Research

Firmware auditing with CHIPSEC

Install the prerequisite packages: Or if you are using PaX/Grsecurity 4.9.x: Install the CHIPSEC Firmware security checklist based on CHIPSEC According to the firmware security training from McAfee Advanced Threat Research. CHIPSEC modules perform a couple checks for the auditing purposes: Issue CHIPSEC Module References SMRAM Locking common.smm CanSecWest 2006 BIOS Keyboard Buffer Sanitization common.bios_kbrd_buffer DEFCON 16 SMRR Configuration common.

May 26, 2017 - 2 minute read - Story

Security Promotion - Mandatory TLS Connection for XMPP

Security Promotion: Mandatory TLS Connection for XMPP Although, according to RFC7590 “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)”, TLS was recommended for XMPP connection. But it is not mandatory. Despite the consensus to switch XMPP on mandatory encryption reached by XMPP communities on 2014, there are still some XMPP service providers support non-encrypted connection as a fallback along with TLS. This will probably lead to some security risks.

Apr 29, 2017 - 5 minute read - Story

HardenedLinux: The way to the Ark

HardenedLinux: The way to the Ark PaX/Grsecurity no longer provides the public access to test patch in Apr 26 2017. In the FAQ of the announcement, PaX team and Spender listed a couple of reasons why they do this. As some people already know, it’s not the whole story. As the result of a discussion inside h4rdenedzer0, we believe that Linux foundation is the culprit behind all this result that the commercial/individual/community users losing access to the test patches.

Mar 17, 2017 - 4 minute read - Research

Mission impossible: Hardening the x86 based core infrastructures

By citypw Mission impossible: Hardening the x86 based core infrastructures “Once upon a time, hackers lives in a world with full of libre/free software/firmware/hardware”…oh, wait, it’s not happened yet. Not sure if we can make it happen. It’s totally depends on the decision we make today. Some people might think we are already lost our freedom on x86. Because there are a bunch of shitty binary blobs during the boot/runtime( Who’s gonna watching the watchers?