Blog Posts Tagged with "Linux"
September 25, 2012 Added by:Andrew Case
This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...
September 18, 2012 Added by:Andrew Case
KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user-defined prefix...
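A rootkit that filters what readdir() returns for /proc can only hide from callers that go through that listing. The following added example (not code from the post above, nor from Volatility or KBeast) shows the live-system cross-view check a responder can run before pulling memory: it compares the /proc listing with a kill(pid, 0) probe of every PID, filters out thread IDs, and includes a constructed model of prefix-based hiding so the diff can be exercised offline. The prefix "_h4x_" and process names used in the model are made up for the example.

```python
import os

PROC = "/proc"


def list_proc_pids(proc=PROC):
    """The view userland normally gets: readdir() on /proc.
    A kernel-module rootkit that hooks /proc's directory operations
    filters this listing, so hidden processes never appear here."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probe_pids(max_pid):
    """An independent view that does not go through readdir(): ask the
    kernel about every candidate PID with kill(pid, 0).  Success or
    EPERM means the PID exists; ESRCH means it does not."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except PermissionError:          # exists, owned by someone else
            found.add(pid)
        except ProcessLookupError:       # no such process
            pass
    return found


def read_pid_max(path="/proc/sys/kernel/pid_max"):
    with open(path) as fh:
        return int(fh.read().strip())


def is_thread(pid, proc=PROC):
    """kill(tid, 0) also succeeds for thread IDs, which are legitimately
    absent from readdir(/proc).  A thread has Tgid != Pid in its status
    file; if the file cannot be read at all, keep the PID as a candidate."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
        return int(fields["Tgid"].strip()) != pid
    except (OSError, KeyError, ValueError):
        return False


def find_hidden(listed, probed, thread_check=lambda pid: False):
    """Cross-view diff: PIDs the kernel admits exist but /proc does not list."""
    return sorted(pid for pid in probed - listed if not thread_check(pid))


def hidden_by_prefix(pid_names, prefix):
    """Constructed model of the readdir() view under a prefix-hiding rootkit:
    every process whose name starts with the configured prefix is dropped.
    This models the behaviour described above; it is not KBeast's code."""
    return {pid for pid, name in pid_names.items() if not name.startswith(prefix)}


def scan(rounds=2):
    """Live scan.  Processes that start or exit between the listing and the
    probe show up as noise, so run several rounds and keep the intersection."""
    hidden = None
    for _ in range(rounds):
        listed = list_proc_pids()
        probed = probe_pids(read_pid_max())
        found = set(find_hidden(listed, probed, thread_check=is_thread))
        hidden = found if hidden is None else hidden & found
    return sorted(hidden)


if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} exists but is missing from the /proc listing")
```

A hit from this scan is a reason to image memory and run the Volatility plugins the posts above describe; the live check tells you something is hidden, the memory analysis tells you how.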
September 16, 2012 Added by:Andrew Case
This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...
September 09, 2012 Added by:Dan Dieterle
I’ve never seen Pentoo before, but couldn’t resist taking a peek. Basically Pentoo is Gentoo Linux with a bunch of security focused tweaks. I am married to Backtrack and am not interested in switching to another Linux Security Distro, but Pentoo looks enticing...
August 20, 2012 Added by:Dan Dieterle
Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...
August 14, 2012 Added by:Andrew Case
Tmpfs is interesting from a forensics perspective for a few reasons. The first is that, in a traditional forensics scenario, the investigator expects to be able to shut a computer off, image its disk(s), and get back the filesystem as it was while the computer was running. With tmpfs, this is obviously not true...
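Before a machine is powered off, the practical question is which mounted filesystems exist only in RAM and therefore will not be on the disk image. The following added example (not code from the post above) parses /proc/mounts in its fstab layout, decodes the kernel's octal escapes in paths, and lists the tmpfs and ramfs mounts together with their size= limit. The sample /proc/mounts content, including the suspicious /var/tmp/.stash mount, is constructed for the example.

```python
import re

# Filesystems that live only in RAM: nothing here is on the disk image.
VOLATILE_FSTYPES = {"tmpfs", "ramfs"}

# Constructed /proc/mounts content for the example (not from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=402544k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=1048576k 0 0
/dev/sdb1 /mnt/usb\\040stick vfat rw,relatime 0 0
tmpfs /var/tmp/.stash tmpfs rw,relatime,size=65536k 0 0
"""

_OCTAL = re.compile(r"\\([0-7]{3})")


def decode_octal(field):
    """The kernel escapes space, tab, newline and backslash in mount fields
    as \\ooo octal sequences; undo that so paths compare correctly."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Parse /proc/mounts (fstab layout: device mountpoint fstype options dump pass)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        device, mountpoint, fstype, options = parts[:4]
        entries.append({
            "device": decode_octal(device),
            "mountpoint": decode_octal(mountpoint),
            "fstype": fstype,
            "options": options.split(","),
        })
    return entries


def volatile_mounts(entries):
    """Mounts whose contents vanish at power-off and must be collected live."""
    return [e for e in entries if e["fstype"] in VOLATILE_FSTYPES]


def size_limit(entry):
    """The size= option bounds how much a tmpfs can hold (None means the
    default, half of RAM); it sizes what a live collection must capture."""
    for opt in entry["options"]:
        if opt.startswith("size="):
            return opt[len("size="):]
    return None


def read_live_mounts(path="/proc/mounts"):
    with open(path) as fh:
        return parse_mounts(fh.read())


if __name__ == "__main__":
    for e in volatile_mounts(read_live_mounts()):
        print(f"{e['mountpoint']:30} {e['fstype']:6} size={size_limit(e)}")
```

Anything this lists should be copied (or the whole machine's memory captured) before the power goes off; a disk-only acquisition will simply not contain it.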
July 12, 2012 Added by:Pierluigi Paganini
Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system the machine is running, a Java class file downloads the appropriate malware, which opens a backdoor to allow remote access to the machine...
July 11, 2012 Added by:Headlines
"The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files... the three different platforms behave the same way. They all connect to 22.214.171.124 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively..."
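The quoted analysis gives a usable network indicator: one second-stage host and a port per platform. The following added example (not code from either post) runs that indicator over outbound-connection log lines, reporting every connection to the host and labelling the platform from the port; an unexpected port is still reported, with no platform, because the destination host is the strong signal. The log format and the addresses of the internal sources are constructed for the example; only the host and port mapping come from the quote.

```python
import re

# Values quoted in the analysis above.
C2_HOST = "22.214.171.124"
PLATFORM_BY_PORT = {8080: "OSX", 8081: "Linux", 8082: "Windows"}

# Constructed outbound-connection log lines (hypothetical format: timestamp,
# source, destination:port, protocol); not from a real capture.
SAMPLE_LOG = """\
2012-07-11T10:02:13Z 10.0.0.12 -> 93.184.216.34:443 tcp
2012-07-11T10:02:15Z 10.0.0.12 -> 22.214.171.124:8081 tcp
2012-07-11T10:03:01Z 10.0.0.44 -> 22.214.171.124:8082 tcp
2012-07-11T10:03:09Z 10.0.0.44 -> 22.214.171.124:8443 tcp
2012-07-11T10:04:22Z 10.0.0.71 -> 22.214.171.124:8080 tcp
2012-07-11T10:05:00Z 10.0.0.12 -> 122.214.171.124:8081 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<dport>\d+) (?P<proto>\S+)$"
)


def parse_line(line):
    """One log line -> dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def match_c2(text, host=C2_HOST, platforms=PLATFORM_BY_PORT):
    """Flag every connection to the second-stage host.  The port says which
    platform's payload was fetched; an unexpected port is still reported,
    with platform None.  The host comparison is exact, so a longer address
    that merely contains the indicator as a substring does not match."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != host:
            continue
        hits.append({"ts": rec["ts"], "src": rec["src"], "dport": rec["dport"],
                     "platform": platforms.get(rec["dport"])})
    return hits


def infected_hosts(hits):
    """Source -> set of platforms seen.  A single source fetching payloads
    for two platforms is either a NAT gateway or worth a second look."""
    summary = {}
    for h in hits:
        summary.setdefault(h["src"], set()).add(h["platform"])
    return summary


if __name__ == "__main__":
    for h in match_c2(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} -> {C2_HOST}:{h['dport']} platform={h['platform']}")
```

The same shape of check works for any "host plus port per variant" indicator; what matters is matching the host exactly and not silently dropping connections on ports the report did not list.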
May 22, 2012 Added by:Dan Dieterle
Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...
May 18, 2012 Added by:Dan Dieterle
Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do? There are several sites that exist that allow you to (legally) test your abilities...
April 12, 2012 Added by:Headlines
Adobe has released critical updates to address multiple vulnerabilities in Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh...
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, an embedded Linux programmable logic controller (PLC), could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
March 07, 2012 Added by:Headlines
"Within 48 hours of the system going live, we had gained near-complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days..."
March 06, 2012 Added by:Infosec Island Admin
Adobe has released critical updates for Android, Windows, Linux and Solaris operating systems to mitigate vulnerabilities in the company's Flash Player software that may have allowed attackers to inflict a denial of service or take control of a targeted system...
February 16, 2012 Added by:Danny Lieberman
Encryption is a buzzword, not a silver bullet for protecting data on your servers. To determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...
February 10, 2012 Added by:Kevin McAleavey
The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...