We are "patient" zero, so we hardened ourselves!

Apr 1, 2016 - 10 minute read - Guide

(A/T/KT) - Sanitized GNU/Linux: a new way of bug hunter in FLOSS Community

by citypw and an anonymous dude “As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine.” — The Circle of Lost Hackers on Phrack issue 64 As long as there are bugs, there will be vulnerablities. As long as there are vulnerablities, there will be regular/stable/weaponized exploits. Bug hunting is one of most important issues that we’ve been fighting for decades in FLOSS community.

Apr 1, 2016 - 3 minute read - Guide

How to build Clang toolchains for Android

by zet Build the Clang Toolchains for Android The following process is used to build the Clang that is used by both the Android platfrom and the NDK. And this process is done in the AOSP tree. Both GNU/Linux and Windows toolchains are built on GNU/Linux machines. Windows host binaries are built with mingw. My developing environment is Linux Mint 17.3 Source versions in AOSP Create the work directory mkdir working_directory TOOLCHAINS_BUILD_TOP=work_direcory # optional, only for clear description # below export TOOLCHAINS_BUILD_TOP cd work_directory # build will be done in this directory There are two versions Clang/LLVM code tree in AOSP, the first is: aosp/platform/external/(clang|llvm), and the second is: aosp/toolchain/(clang|llvm).

Jan 19, 2016 - 2 minute read - Research

An Introduction to Linux Kernel Exploitation

By Pray3r -[ 0. About this documentation I am researching linux kernel exploitation for the outline and reference books/papers. I will keep update this list and share some of my findings on HardenedLinux. If you have any questions or suggestions don’t hesitate to contact me. -[ 1. Review Linux Memory Management -[ 2. Exploitation -[ 2.1 Attack Surface -[ 2.2 A Taxonomy of Kernel Vulnerabilities -[ 2.3 Finding VULNS/BUGS -[ 2.

Jan 10, 2016 - 6 minute read - Guide

Hardening your desktop: Linux Mint with PaX/Grsecurity

By citypw –[ CONTENTS About this doc Build and install customized kernel with PaX/Grsecurity patch PaX flags: paxctl-ng & pax-bites Kernel tuning Networking Sandboxing: seccomp Crypto 6.1 Entropy 6.2 Daily bread ##–[ 0. About this documentation We just celebrated another new year a couple of days ago, which means it’s 2016 already. A another new year usually just brings us to another fight.

Jun 9, 2015 - 14 minute read - Guide

Debian GNU/Linux security checklist and hardening

project STIG-4-Debian will be soonn…. Debian GNU/Linux security checklist and hardening –[ CONTENTS About this doc Security updates Vulnerability Assessment 2.1 GCC mitigation 2.2 0ld sch00l *nix file auditing 2.3 GNU/Linux’s auditd 2.4 T00ls Kernel security 3.1 Apparmor 3.2 SELinux 3.3 Mempo kernel 3.3.1 PaX\/Grsecurity SSL/TLS Checklist 4.1 Ciphersuites in Apache2/Nginx 4.2 OpenSSH 4.2.1 OpenSSH in post-prism era Web security

May 11, 2015 - 4 minute read - Research

PaX/Grsecurity for Nexus 7 2013

Update( May 28 2015) The porting work of the PaX patch already done. We tested it with Towel & KINGROOT. The result as expected: they all failed to root the Android 5.0.2 with kernel code base from 2014. Perhaps, we might try to make GRSEC & RBAC into the Android in the future……… armv7-nexus7-grsec PaX/Grsecurity patch for Nexus7, which the original version is 3.4 kernel based with a bunch of backport features and fixes.