Intro to Linux Pluggable Authentication Modules. Every time you log into a Linux system, you're using the Pluggable Authentication Modules (PAM). Let's take a closer look at what's going on under the hood. PAM simplifies Linux authentication and makes it possible for Linux systems to switch from local file authentication to directory-based authentication in just a few steps. If you haven't thought about PAM and the role it plays on the system, let's take a look at what it is and what it does. PAM is actually about more than logging into the system itself: applications can use the PAM libraries to share authentication, so users can use a single username and password for many applications. A simple way of looking at this. There's no beer or music involved, but PAM is meant to work in a similar fashion. Understanding PAM. Out of the box, most Linux installations are configured to use file-based authentication.
How PAM works. PAM (Pluggable Authentication Modules) is one of those dark corners of Linux where most users don't venture; in fact, I'd be willing to bet that the majority of Linux users don't even know what it is. And yet, PAM is at the heart of every single thing in Linux to do with authentication. Take our guided tour of PAM, join our science lab and perform our experiments (no Bunsen burner necessary!) and see how PAM gives you fine-grained control over your security policy. Getting to know PAM. PAM is a framework that assists applications in performing what I'll call "authentication-related activities". The core pieces of PAM are a library (libpam) and a collection of PAM modules, which are dynamically linked library (.so) files in the folder /lib/security.
Each module performs one specific task, and a "PAM-aware" application typically uses a stack of several modules to get the job done. Figure 1: the PAM architecture and how its different parts are related. Which programs use PAM?
Biometrics. Biometrics is the automated method of recognizing a person based on a physiological or behavioral characteristic. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. Biometric technologies should be considered and evaluated giving full consideration to the following characteristics: Universality: every person should have the characteristic; people who are mute or without a fingerprint will need to be accommodated in some way. Uniqueness: generally, no two people have identical characteristics.
Biometrics is expected to be incorporated in solutions for Homeland Security, including applications for improving airport security, strengthening the United States' national borders, travel documents and visas, and preventing ID theft. There are many needs for biometrics beyond Homeland Security. Using biometrics for identifying human beings offers some unique advantages.
Secrets of Network Cartography - Stealth Scanning: The FIN Scan (-sF), Xmas Tree Scan (-sX), and Null Scan (-sN). Requires Privileged Access: YES. Identifies TCP Ports: YES. Identifies UDP Ports: NO. These three scans are grouped together because their individual functionality is very similar. They are called "stealth" scans because they send a single frame to a TCP port without any TCP handshaking or additional packet transfers; each sends a single frame with the expectation of a single response. These scans operate by manipulating the bits of the TCP header to induce a response from the remote station.
Except for the FIN scan, nmap creates TCP headers that combine bit options that should never occur in the real world. Instead of an obscure bit pattern, the FIN scan creates a scenario that should never occur in the real world. These purposely mangled TCP header packets are thrown at a remote device, and nmap watches for the responses. The nmap output shows the open ports located with the FIN scan:
Hispasec - Seguridad Informática. www.segu-info.com.ar/boletin/boletin-119-080830.htm. "Courtesy is the only way to keep hostility from building up" [Arya to Eragon in Eldest - Christopher Paolini - American writer - 1983- ] 1.
Reporting vulnerabilities as part of social responsibility 2. Attacking WPA/WPA2 PSK 3. Inspections of company databases 4. Challenge of the week. 1. Irresponsibility, negligence, apathy, lack of education and exaggerated commercial objectives are the main reasons why companies, developers, administrators and users end up harmed by making common mistakes.
This week several users informed us of a problem with the handling of private data at the mobile phone company Claro. The error was due to the design and programming of the website that allows users to register to request the iPhone (currently under maintenance). It is important to stress that this communication was one-way, since no official response was ever received from the company.
www.hackplayers.com/2012/03/escaneando-con-nmap-traves-de-tor.html. This tutorial shows how to configure some tools on Ubuntu to run an Nmap port scan through the Tor network.
The technique consists of using tortunnel via proxychains, since it lets us use the exit node directly and therefore gives us more speed. Even so, the scan will be much slower than a normal one, so we will have to accept a small sacrifice in exchange for "privacy". This technique can be used in a penetration test, although it is obviously more common among malicious attackers. If you want to preserve anonymity you have to be especially careful with the options specified in Nmap and, as you will see later, an iptables rule can be added to block outbound traffic during a given scan and further protect the source IP of the traffic. 1. Install tor and proxychains: apt-get install tor tor-geoipdb proxychains; vi /etc/tor/torrc and add the line "SocksPolicy accept 10.1.1.0/24". - iptables -A OUTPUT --dest
Chapter 10. Technical background. The contents of this chapter are not required to use VirtualBox successfully. The following is provided as additional information for readers who are more familiar with computer architecture and technology and wish to find out more about how VirtualBox works "under the hood". 10.1. Where VirtualBox stores its files. In VirtualBox, a virtual machine and its settings are described in a virtual machine settings file in XML format. 10.1.1. Starting with version 4.0, by default, each virtual machine has one directory on your host computer where all the files of that machine are stored: the XML settings file (with a .vbox file extension) and its disk images.
By default, this "machine folder" is placed in a common folder called "VirtualBox VMs", which VirtualBox creates in the current system user's home directory. For simplicity, we will abbreviate this as $HOME below. 10.1.2. The old layout had several severe disadvantages.
Information - Honeypots. A honeypot is a computer resource whose only purpose is to get exploited. It is a trap, but for computer criminals. An attacked and properly investigated honeypot can provide valuable information about both the attack and the attacker.
Although honeypots serve a specialized role on the network, they are disguised as a normal network resource. This makes for a more attractive target if the attacker sees them as a valuable asset to take advantage of, and not as a cleverly disguised and controlled trap. Although honeypots are a generalized concept, we typically encounter only a handful of particular applications, and it is further useful to divide them into two distinct classes. Low Interaction. Low interaction honeypots are defined as such due to the limited interaction an attacker or malware is allowed. Examples of Low Interaction Honeypots. Software.
O'Reilly Sysadmin. This doesn't look good, right? Most open source monitoring tools do filesystem health checking by comparing the current percentage of used space against a set value. If it's 90% full, send out a warning page; if it's 89%, send the all clear. Notice that I said filesystem, and not actual disk. A single disk that's 90% full can be a bad thing, because there are fewer free blocks available for writing, which leads to longer write times and file fragmentation. Not all filesystems are restricted to a single disk: there may be a back-end RAID solution, or the filesystem may be a shared filesystem served over NFS. Unfortunately, you could be the receiver of flapping alert pages when a filesystem hovers between 89% and 90% but still performs fine. Unlike a broken Ethernet cable, the resolution for a filesystem threshold may not be so easy. Everything comes down to disk blocks, even with SAN and NAS solutions.
What about the inverse? I take it back.
Main - HomePage. Automating Firewall Log Scanning. Firewalls are computers dedicated to filtering particular kinds of network traffic between two networks. They are usually employed to protect a LAN from the rest of the Internet. Securing every box on the LAN is much more costly and time consuming than deploying, administering and monitoring a single firewall. A firewall is particularly essential for institutions permanently connected to the Internet. Depending on the network configuration, the router can be set up as a packet filter; usually, though, it is more convenient to set up a dedicated box to act as a firewall.
Because they can be made extremely secure and have a low cost, Linux boxes can be very effective firewalls. Deploying a firewall on the 2.2.x Linux kernels is done with ipchains, while iptables is used on the newer 2.4.x kernels. Here is a setup for a very simple firewall, to which we will refer as a working example later in the article. echo 1 > /proc/sys/net/ipv4/ip_forward Finally we set up permissive policies:
www.offensivecomputing.net/files/active/0/vm.pdf.
Exploit writing tutorial part 11: Heap Spraying Demystified. Introduction. A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on Internet Explorer 7 (or older versions). Although there are a number of public exploits available that target IE8 and other browsers, the exact technique to do so has not really been documented in detail. Of course, you can probably derive how it works by looking at those public exploits. A good example of such an exploit is the Metasploit module for MS11_050, including DEP bypass targets for IE8 on XP and Windows 7, which were added by sinn3r.
With this tutorial, I'm going to provide you with a full and detailed overview of what heap spraying is and how to use it on old and newer browsers. I'll start with some "ancient" ("classic") techniques that can be used on IE6 and IE7. I'll finish this tutorial by sharing some of my own research on getting reliable heap spraying to work on newer browsers such as Internet Explorer 9 and Firefox 9.
Free !
Marco Ramilli's Blog. Hi folks, today I was seeking something able to grab pieces of the web. I'm building a kind of spam-message compositor for one piece of research of mine, and what I found is pretty interesting. It's called Web-Harvest, and of course it does much more than a simple grab, but for my purpose it is more than enough.
Web-Harvest is an Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well-established techniques and technologies for text/XML manipulation such as XSLT, XQuery and Regular Expressions. The process of extracting data from Web pages is also referred to as Web Scraping or Web Data Mining.
Every Web site and every Web page is composed using some logic. When Web-Harvest executes this part of the configuration, the following steps occur: the http processor downloads content from the specified URL; the html-to-xml processor cleans up that HTML, producing XHTML content.
VSR - Application Security Specialists.
Security Systems - Research. 1. Security Advisories. Vulnerabilities found by CYBSEC: 2.
Vulnerability Publication Policies. See the vulnerability publication policy (PDF format). Security Vulnerability Disclosure Policy (PDF Format). 3. SAFE: SAFE is software specially developed to assess the security level of an SAP R/3 implementation. With SAFE you can find out automatically and easily whether an SAP installation meets the main security requirements demanded by audits and international regulations (Sarbanes-Oxley Act, HIPAA, PCI, COBIT, etc.). SAFE performs an exhaustive analysis of the configuration, authorization, communication and other parameters of the SAP installation and compares them with international best practices, presenting the results in reports that indicate the target value to be reached.
SAFE is available in a FREE Version and an ENTERPRISE Version. Download SAFE FREE Version. Download sapyto.
Zero Day Initiative.
SecuriTeam.com - A Free Accurate and Independent Source of Vulnerability Information.
Hardening Linux Web Servers. Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. All the system-level security in the world is rendered useless by insecure web applications. The converse is also true: programming best practices, such as always verifying user input, are useless when the code is running on a server which hasn't been properly hardened.
Securing forward-facing GNU/Linux web servers can seem like a daunting task, but it can be made much easier by breaking the process into manageable portions. This article will cover installing, configuring and hardening free software web servers and associated software, including Apache 2.2.0, MySQL 5.0.18, PHP 5.1.2, Apache-Tomcat 5.5.16 and common Apache modules such as mod_security, mod_ssl, mod_rewrite, mod_proxy and mod_jk. Common security mistakes in web applications and how to fix them will also be discussed, focusing on PHP and Java environments.
802.1X Port-Based Authentication HOWTO.
How to Prevent DoS Attacks. Denial of Service (DoS) attacks are among the most feared threats in today's cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars. Any deliberate effort to cut off your web site or network from its intended users qualifies as a DoS attack. Such attacks have been successfully deployed against major online businesses including Visa and Mastercard, Twitter, and WordPress. If there is a silver lining to DoS attacks, it's this: the objective of the typical DoS attack is not to steal or expose confidential data. The exception is when a DoS attack is used as a distraction to funnel attention and resources away while a targeted breach is being launched. DoS vs. DDoS: The Rise of the Botnets. Inside a DDoS.