
Security


Intro to Linux Pluggable Authentication Modules. Every time you log into a Linux system, you're using the Pluggable Authentication Modules (PAM).

Intro to Linux Pluggable Authentication Modules

Let's take a closer look at what's going on under the hood. How PAM works. PAM (Pluggable Authentication Modules) is one of those dark corners of Linux where most users don't venture - in fact, I'd be willing to bet that the majority of Linux users don't even know what it is.

How PAM works

And yet, PAM is at the heart of every single thing in Linux to do with authentication. Take our guided tour of PAM, join our science lab and perform our experiments (no bunsen burner necessary!) and see how PAM gives you fine-grain control over your security policy. Getting to know PAM. PAM is a framework that assists applications in performing what I'll call "authentication-related activities". Each module performs one specific task, and a "PAM-aware" application typically uses a stack of several modules to get the job done. Figure 1: the PAM architecture and how its different parts are related. Biometrics. Biometrics is the automated method of recognizing a person based on a physiological or behavioral characteristic.

Biometrics

Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. Biometric technologies should be considered and evaluated giving full consideration to the following characteristics: Universality: Every person should have the characteristic. People who are mute or without a fingerprint will need to be accommodated in some way. Uniqueness: Generally, no two people have identical characteristics. Biometrics is expected to be incorporated in solutions to provide for Homeland Security including applications for improving airport security, strengthening the United States' national borders, in travel documents, visas and in preventing ID theft.

Secrets of Network Cartography - Stealth Scanning – The FIN Scan (-sF), Xmas Tree Scan (-sX), and Null Scan (-sN). Stealth Scanning - The FIN Scan (-sF), Xmas Tree Scan (-sX), and Null Scan (-sN). Requires Privileged Access: YES. Identifies TCP Ports: YES. Identifies UDP Ports: NO. These three scans are grouped together because their individual functionality is very similar.

Secrets of Network Cartography - Stealth Scanning – The FIN Scan (-sF), Xmas Tree Scan (-sX), and Null Scan (-sN)

These are called "stealth" scans because they send a single frame to a TCP port without any TCP handshaking or additional packet transfers. This is a scan type that sends a single frame with the expectation of a single response. These scans operate by manipulating the bits of the TCP header to induce a response from the remote station. Except for the FIN scan, nmap creates TCP headers that combine bit options that should never occur in the real world. One of the references in RFC 793, Transmission Control Protocol, states that stations receiving information on a closed TCP port should send a RST frame and an available TCP port should not respond at all.

Hispasec - Seguridad Informática. www.segu-info.com.ar/boletin/boletin-119-080830.htm. "Courtesy is the only way to keep hostility from building up"

www.segu-info.com.ar/boletin/boletin-119-080830.htm

www.hackplayers.com/2012/03/escaneando-con-nmap-traves-de-tor.html. This tutorial shows how to configure some tools on Ubuntu to run an Nmap port scan through the Tor network.

www.hackplayers.com/2012/03/escaneando-con-nmap-traves-de-tor.html

The technique consists of using tortunnel via proxychains, since it lets us use the exit node directly and therefore gives us greater speed. Even so, the scan will be much slower than a normal one, so we will have to accept a small sacrifice in exchange for "privacy". This technique can be used in a penetration test, although it is evidently more common among malicious attackers.

If you want to preserve anonymity you have to be especially careful with the options specified in Nmap, and as you will see later, an iptables rule can be added to block outbound traffic during a given scan and better protect the source IP of the traffic. Chapter 10. Technical background. Chapter 10.

Chapter 10. Technical background

Technical background The contents of this chapter are not required to use VirtualBox successfully. The following is provided as additional information for readers who are more familiar with computer architecture and technology and wish to find out more about how VirtualBox works "under the hood". Information - Honeypots. A honeypot is a computer resource whose only purpose is to get exploited.

Information - Honeypots

It is a trap, but for computer criminals. An attacked and properly investigated honeypot can provide valuable information about both the attack, and the attacker. O'Reilly Sysadmin. This doesn’t look good, right?

O'Reilly Sysadmin

Most open source monitoring tools do filesystem health checking by comparing the current percentage of used space against a set value. If it’s 90% full, send out a warning page; if it’s 89%, send the all clear. Notice that I said filesystem, and not actual disk. A single disk that’s 90% full can be a bad thing, because there are fewer free blocks available for writing, which leads to longer write times and file fragmentation. Main - HomePage. Automating Firewall Log Scanning. Firewalls are computers dedicated to filtering particular kinds of network traffic between two networks.

Automating Firewall Log Scanning

www.offensivecomputing.net/files/active/0/vm.pdf. Exploit writing tutorial part 11 : Heap Spraying Demystified. Introduction. A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers have a focus on Internet Explorer 7 (or older versions). Although there are a number of public exploits available that target IE8 and other browsers, the exact technique to do so has not been really documented in detail. Of course, you can probably derive how it works by looking at those public exploits. A good example of such an exploit is the Metasploit module for MS11_050, including DEP bypass targets for IE8 on XP and Windows 7, which were added by sinn3r. With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer browsers.

I’ll start with some “ancient” (“classic”) techniques that can be used on IE6 and IE7. I’ll finish this tutorial with sharing some of my own research on getting reliable heap spraying to work on newer browsers such as Internet Explorer 9 and Firefox 9. Free. Marco Ramilli's Blog. Hi folks, today I was seeking something able to grab pieces of web. I'm building a kind of spam-message-compositor for one research of mine, and what I found is pretty much interesting.

It's called Web-Harvest, and of course it does much more than a simple grab, but for my purpose it is more than enough. VSR - Application Security Specialists. Security Systems - Investigación. 1. Zero Day Initiative. SecuriTeam.com - A Free Accurate and Independent Source of Vulnerability Information. Hardening Linux Web Servers.

Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. 802.1X Port-Based Authentication HOWTO. How to Prevent DoS Attacks. Denial of Service (DoS) attacks are among the most feared threats in today's cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars.