The Cyber Security Agency of the United States (CISA) added to its catalog of vulnerabilities that are being actively exploited a recently discovered flaw in UnRAR. About the UnRAR vulnerability As CVE-2022-30333, this is a path traversal vulnerability in the version of RAR for Linux and UNIX systems. If successfully exploited, a malicious actor is […]
Mosca Manual analysis tool to find bugs like a grep unix command, Version 0.05 because is not dynamic… uses static code to search… don’t confuse with academic views hahaha don’t have graph here or CFG… is a simple “grep” *egg modules is a config to find to vulnerabilities *you can use at C, PHP, […]
Ken Thompson, who co-created the popular operating system Unix along with Dennis Ritchie, remains a revered figure in the field of computer science. In 2014, famous open-source developer Leah Neukirchen got her hands on a /etc/password file from a BSD 3 source tree. It contained hashed passwords of some big names like Dennis Ritchie, Steve […]
Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project’s maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks. It’s considered a fairly old-skool attack vector, but it still works quite often. Wildpwn Usage It goes something like this: usage: wildpwn.py [-h] [–file FILE] payload folder Tool to generate unix wildcard attacks positional arguments payload Payload to use: (combined | tar […]
Cyber security organization specialists from the International Institute of Cyber Security reported the launch of the Lynis security tool. In this new release, several major changes have been made in its central functions. These changes have been made with the purpose of simplifying its use, although there is a possibility of breaking the existing configuration. Lynis […]
Back in late 2014, a team of “Veteran Unix Admins” announced their plans to release a systemd-free fork of Debian GNU+Linux; it was named Devuan. In mid-2017, the first Devuan 1.0 release arrived. Following the same, Devuan 2.0 has just been shipped by the developers as a stable release to provide an alternative to systemd and its […]
BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. Features: Hide attacker files and directories Realtime log cleanup (on utmp/wtmp) Anti process and login detection Bypass unhide, lsof, ps, ldd, netstat analysis Furtive PTY backdoor client Usage: Compile git clone https://github.com/unix-thrust/beurk.git cd beurk make Install scp libselinux.so root@victim.com:/lib/ ssh root@victim.com […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
Hey Guys, In this video i show you a great Security Auditing Tool for Unix/Linux Systems called Lynis. Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more […]
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb […]
A vulnerability nicknamed “Stack Clash” allows an attacker to gain root privileges on a UNIX system and take over vulnerable machines. The flaw was discovered last month by security researchers from Qualys, who worked with various vendors to make sure patches are available before going public with their findings. According to Qualys researchers, the issue […]
Short Bytes: If you follow the developments of Linux world closely, you must be knowing about the Year 2038 bug. This problem exists because the latest time that can be represented in Unix’s signed 32-bit integer time format is 03:14:07 UTC on Jan. 19, 2038. After that, the C programs that use the standard time library […]
It can perform a lockdown. Unlike some other scripts it has the capability to backout changes. Files are backed up using cpio to a directory based on the date. Although it can perform a lockdown, as previously stated, we would recommend you address the warnings via policy, documentation and configuration management. Linux RHEL 5,6,7 Centos 5,6,7 […]
Short Bytes: A team of developers from University of Massachusetts, Amherst, has created a Unix-like operating system for your web browser. It uses a JavaScript-based kernel and extends the JS runtimes for C, C++, Go, and Node.js programs. It also comes with a POSIX-like shell. The modern web browsers are great for playing videos, reading blogs, […]
Lynis is a security auditing for UNIX derivatives like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration […]
Short Bytes: The developer of L0phtCrack, the “original” Windows password auditor, has announced the release of new and revamped L0phtCrack 7. If you use a GPU like AMD Radeon Pro Duo, compared to the previous version, L0phtCrack 7 performs up to 500 times faster. The new version also brings interface improvements and better cracking wizard. […]