Announcement HardenedLinux is a FLOSS community focus only FLOSS security and we have nothing to do with any commcercial organizations. h4rdenedzer0 team and other contributors have their own day job and we’ve been contributing to HardenedLinux in our night job time. We encourage commcercial organizations contribute FLOSS projects. h4rdenedzer0 is the credit for those long-term contributor. Anyone who has not any activities in HardenedLinux community or other FLOSS security project more than 6 months, will be treated as quit h4rdenedzer0 team automatically.

Reproducible builds for PaX/Grsecurity A series of scripts are created to do reproducible builds for Linux kernel with PaX/Grsecurity patch set. Thanks to: PaX/Grsecurity Mempo project Debian GNU/Linux Community Shawn C[a.k.a “Citypw”] Linux From Scratch Without the contributions of the projects, community and people, the scripts cannot be accomplished. The project’s GitHub repo is at https://github.com/hardenedlinux/grsecurity-reproducible-build . Why do reproducible builds? Reproducible builds are important to the binary’s reliability. With reproducible builds, anyone can recreate the binary, so it can be proved that the source code provided is really the source code used to build the binary, and no more backdoors (either manually inserted into the code or inserted by hijacked toolchain) is contained in the binary.

By:n3o4po11o Project: STIG-4-Debian ##Why STIG? STIGs is bring by a government agency called The Defense Information System Agency(DISA), which is entity responsible for maintaining the security posture of the Department of Defence(DoD) IT infrastructure. After we heard how the NSA fuck this world from Mr.Sn0wd3n.We will pay more attention about how they do the defense. DoD use this Security Technical Implementation Guides to All DoD IT assets before online/operations. And the STIGs classification system based on Mission Assurance Catagory (I-III) and Confidentiality Level (Public-Classified), giving you 9 different possible combinations of config requirements.

by citypw and an anonymous dude “As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine.” — The Circle of Lost Hackers on Phrack issue 64 As long as there are bugs, there will be vulnerablities. As long as there are vulnerablities, there will be regular/stable/weaponized exploits. Bug hunting is one of most important issues that we’ve been fighting for decades in FLOSS community.

by zet Build the Clang Toolchains for Android The following process is used to build the Clang that is used by both the Android platfrom and the NDK. And this process is done in the AOSP tree. Both GNU/Linux and Windows toolchains are built on GNU/Linux machines. Windows host binaries are built with mingw. My developing environment is Linux Mint 17.3 Source versions in AOSP Create the work directory mkdir working_directory TOOLCHAINS_BUILD_TOP=work_direcory # optional, only for clear description # below export TOOLCHAINS_BUILD_TOP cd work_directory # build will be done in this directory There are two versions Clang/LLVM code tree in AOSP, the first is: aosp/platform/external/(clang|llvm), and the second is: aosp/toolchain/(clang|llvm).

By Pray3r -[ 0. About this documentation I am researching linux kernel exploitation for the outline and reference books/papers. I will keep update this list and share some of my findings on HardenedLinux. If you have any questions or suggestions don’t hesitate to contact me. -[ 1. Review Linux Memory Management -[ 2. Exploitation -[ 2.1 Attack Surface -[ 2.2 A Taxonomy of Kernel Vulnerabilities -[ 2.3 Finding VULNS/BUGS -[ 2.