
IT Security Tools



Ubuntu Security Notice USN-4077-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4077-1 - It was discovered that tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation.

Red Hat Security Advisory 2019-1931-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1931-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A memory corruption issue was addressed.

Red Hat Security Advisory 2019-1932-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1932-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A memory corruption issue was addressed.

NSKeyedUnarchiver ObjC Object Use-After-Free

Source: packetstormsecurity.com

NSKeyedUnarchiver suffers from a use-after-free vulnerability with ObjC objects when unarchiving OITSUIntDictionary instances even if secureCoding is required.

Red Hat Security Advisory 2019-1930-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1930-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.142. Crash and information disclosure vulnerabilities were addressed.

GigToDo 1.3 Cross Site Scripting

Source: packetstormsecurity.com

GigToDo versions 1.3 and below suffer from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2019-1907-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1907-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. An issue was addressed where an improper symlink resolution allows access to host files when executing podman cp on running containers.

Red Hat Security Advisory 2019-1910-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1910-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.

WordPress Real Estate Theme 2.8.9 Cross Site Scripting

Source: packetstormsecurity.com

WordPress Real Estate theme version 2.8.9 suffers from a cross site scripting vulnerability.

JSC ValueProfiles JSValue Use-After-Free

Source: packetstormsecurity.com

JavaScriptCore suffers from an issue where there's a JSValue use-after-free vulnerability in ValueProfiles.

Red Hat Security Advisory 2019-1880-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1880-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. An NTLM password overflow via integer overflow issue was addressed.

Red Hat Security Advisory 2019-1896-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1896-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-1881-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1881-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1873-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1873-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-1883-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1883-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1891-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1891-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-1898-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1898-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A weak Digest auth nonce generation in mod_auth_digest was addressed.

JSC DFG LICM Object Property Access Unguarded

Source: packetstormsecurity.com

JavaScriptCore DFG loop-invariant code motion (LICM) has an issue where it leaves object property access unguarded.

Red Hat Security Advisory 2019-1884-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1884-01 - The libssh2 packages provide a library that implements the SSH2 protocol. An out-of-bounds memory comparison was addressed.

Ubuntu Security Notice USN-3990-2

Source: packetstormsecurity.com

Ubuntu Security Notice 3990-2 - USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

Linux/x86 NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode

Source: packetstormsecurity.com

168 bytes small Linux/x86 NOT +SHIFT-N+ XOR-N encoded /bin/sh shellcode.

USBRIP- Simple Command Live Forensic Tool For Tracking USB device

Source: blog.hackersonlineclub.com


Simple command line forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.


usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

usbrip is a small piece of software written in pure Python 3 (using some external modules though, see Dependencies/PIP) which parses Linux log files (/var/log/syslog* or /var/log/messages* depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).

Besides, it also can:
  • export gathered information as a JSON dump (and open such dumps, of course);
  • generate a list of authorized (trusted) USB devices as a JSON (call it auth.json);
  • search for "violation events" based on the auth.json: show (or generate another JSON with) USB devices that do appear in history and do NOT appear in the auth.json;
  • when installed with the -s flag, create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;
  • search additional details about a specific USB device based on its VID and/or PID.

Quick Start

usbrip is available for download and installation at PyPI:

$ pip3 install usbrip



Git Clone

For simplicity, let's agree that all commands shown with the ~/usbrip$ prefix are executed in the ~/usbrip directory, which is created as a result of git clone:

~$ git clone https://github.com/snovvcrash/usbrip.git usbrip && cd usbrip
~/usbrip$

Dependencies

usbrip works only with the unmodified structure of system log files, so, unfortunately, it won't be able to parse USB history if you change the syslog format (with syslog-ng or rsyslog, for example). That's why the timestamps of the "Connected" and "Disconnected" fields don't have the year, by the way. Keep that in mind.

DEB Packages

  • python3.6 (or newer) interpreter
  • python3-venv
  • p7zip-full (used by storages module)

~$ sudo apt install -y python3-venv p7zip-full

PIP Packages

usbrip makes use of the following external modules:
  • terminaltables
  • termcolor

To resolve Python dependencies manually (it's not necessary actually because pip or setup.py can automate the process, see Installation) create a virtual environment (optional) and run pip from within:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ pip install -r requirements.txt

Or let the pipenv one-liner do all the dirty work for you:

~/usbrip$ pipenv install && pipenv shell

After that you can run usbrip portably:

(venv) ~/usbrip$ python -m usbrip -h
Or
(venv) ~/usbrip$ python __main__.py -h

Installation

There are two ways to install usbrip into the system: pip or setup.py.

pip or setup.py

First of all, usbrip is pip installable. This means that after git cloning the repo you can simply fire up the pip installation process and after that run usbrip from anywhere in your terminal like so:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ pip install .

(venv) ~/usbrip$ usbrip -h

Or if you want to resolve Python dependencies locally (without bothering PyPI), use setup.py:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ python setup.py install

(venv) ~/usbrip$ usbrip -h

Note: you'd likely want to run the installation process while the Python virtual environment is active (as shown above).

install.sh

Secondly, usbrip can also be installed into the system with the ./installers/install.sh script.

When using the ./installers/install.sh some extra features become available:
  • the virtual environment is created automatically;
  • the storage module becomes available: you can set a crontab job to backup USB events on a schedule (the example of crontab jobs can be found in usbrip/cron/usbrip.cron).

Warning: if you use crontab scheduling, configure the cron job with sudo crontab -e so that the storage update submodule runs as root and the passwords of the USB event storages stay protected. The storage passwords are kept in /var/opt/usbrip/usbrip.ini.

The ./installers/uninstall.sh script removes all the installation artifacts from your system.

To install usbrip use:

~/usbrip$ chmod +x ./installers/install.sh
~/usbrip$ sudo -H ./installers/install.sh [-l/--local] [-s/--storages]
~/usbrip$ cd

~$ usbrip -h

  • When -l switch is enabled, Python dependencies are resolved from local .tar packages (./3rdPartyTools/) instead of PyPI.
  • When -s switch is enabled, not only the usbrip project is installed, but also the list of trusted USB devices, history and violations storages are created.

Note: when using -s option during installation, make sure that system logs do contain at least one external USB device entry. It is a necessary condition for usbrip to successfully create the list of trusted devices (and as a result, successfully create the violations storage).

After the installation completes, feel free to remove the usbrip folder.

Paths

When installed, usbrip uses the following paths:
  • /opt/usbrip/ — project's main directory;
  • /var/opt/usbrip/usbrip.ini — usbrip configuration file: keeps passwords for 7zip storages;
  • /var/opt/usbrip/storage/ — USB event storages: history.7z and violations.7z (created during the installation process);
  • /var/opt/usbrip/log/ — usbrip logs (recommended to log usbrip activity when using crontab, see usbrip/cron/usbrip.cron);
  • /var/opt/usbrip/trusted/ — list of trusted USB devices (created during the installation process);
  • /usr/local/bin/usbrip — symlink to the /opt/usbrip/venv/bin/usbrip script.

cron

Cron jobs can be set as follows:

~/usbrip$ sudo crontab -l > tmpcron && echo "" >> tmpcron
~/usbrip$ cat usbrip/cron/usbrip.cron | tee -a tmpcron
~/usbrip$ sudo crontab tmpcron
~/usbrip$ rm tmpcron

uninstall.sh

To uninstall usbrip use:

~/usbrip$ chmod +x ./installers/uninstall.sh
~/usbrip$ sudo ./installers/uninstall.sh [-a/--all]

When the -a switch is enabled, not only the usbrip project directory is deleted, but also all the storages and usbrip logs.

And don't forget to remove the cron job.

Usage

Synopsis

# ---------- BANNER ----------

$ usbrip banner
Get usbrip banner.

# ---------- EVENTS ----------

$ usbrip events history [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Get USB event history.

$ usbrip events open <DUMP.JSON> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Open USB event dump.

$ usbrip events gen_auth <OUT_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Generate a list of trusted (authorized) USB devices.

$ usbrip events violations <IN_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Get USB violation events based on the list of trusted devices.

# ---------- STORAGE ----------

$ usbrip storage list <STORAGE_TYPE> [-q] [--debug]
List contents of the selected storage (7zip archive). STORAGE_TYPE is "history" or "violations".

$ usbrip storage open <STORAGE_TYPE> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-q] [--debug]
Open selected storage (7zip archive). Behaves similarly to the EVENTS OPEN submodule.

$ usbrip storage update <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Update storage — add USB events to the existing storage (7zip archive). COMPRESSION_LEVEL is a number in [0..9].

$ usbrip storage create <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Create storage — create 7zip archive and add USB events to it according to the selected options.

$ usbrip storage passwd <STORAGE_TYPE> [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Change password of the existing storage.

# ---------- IDs ----------

$ usbrip ids search [--vid <VID>] [--pid <PID>] [--offline] [-q] [--debug]
Get extra details about a specific USB device by its <VID> and/or <PID> from the USB ID database.

$ usbrip ids download [-q] [--debug]
Update (download) the USB ID database.

Help

To get a list of module names use:

$ usbrip -h

To get a list of submodule names for a specific module use:

$ usbrip <module> -h

To get a list of all switches for a specific submodule use:

$ usbrip <module> <submodule> -h


Examples

Show the event history of all USB devices, suppressing banner output, info messages and user interaction (-q, --quiet), represented as a list (-l, --list) with latest 100 entries (-n NUMBER, --number NUMBER):

$ usbrip events history -ql -n 100

Show the event history of the external USB devices (-e, --external, which were actually disconnected) represented as a table (-t, --table) containing "Connected", "VID", "PID", "Disconnected" and "Serial Number" columns (-c COLUMN [COLUMN], --column COLUMN [COLUMN]) filtered by date (-d DATE [DATE ...], --date DATE [DATE ...]) with logs taken from the outer files (-f FILE [FILE ...], --file FILE [FILE ...]):

$ usbrip events history -et -c conn vid pid disconn serial -d "Dec  9" "Dec 10" -f /var/log/syslog.1 /var/log/syslog.2.gz

Build the event history of all USB devices and redirect the output to a file for further analysis. When the output stream is NOT terminal stdout (| or > for example) there will be no ANSI escape characters (color) in the output, so feel free to use it that way. Also notice that usbrip uses some Unicode symbols, so it is a good idea to convert the resulting file to UTF-8 encoding (with enconv for example) as well as change newline characters to Windows style for portability (with awk for example):

$ usbrip events history -t | awk '{ sub("$", "\r"); print }' > usbrip.out && enconv -x UTF8 usbrip.out

Remark: you can always get rid of the escape characters by yourself even if you have already got the output to stdout. To do that just copy the output data to usbrip.out and add one more awk instruction:

awk '{ sub("$", "\r"); gsub("\\x1B\\[[0-?]*[ -/]*[@-~]", ""); print }' usbrip.out && enconv -x UTF8 usbrip.out

Generate a list of trusted USB devices as a JSON-file (trusted/auth.json) with "VID" and "PID" attributes containing the first three devices connected on September 26:

$ usbrip events gen_auth trusted/auth.json -a vid pid -n 3 -d "Sep 26"

Search the event history of the external USB devices for violations based on the list of trusted USB devices (trusted/auth.json) by "PID" attribute, restrict resulting events to those which have "Bob" as a user, "EvilUSBManufacturer" as a manufacturer, "1234567890" as a serial number and represent the output as a table with "Connected", "VID" and "PID" columns:

$ usbrip events violations trusted/auth.json -a pid -et --user Bob --manufact EvilUSBManufacturer --serial 1234567890 -c conn vid pid

Search for details about a specific USB device by its VID (--vid VID) and PID (--pid PID):

$ usbrip ids search --vid 0781 --pid 5580

Download the latest version of usb_ids/usb.ids database (the source is here):

$ usbrip ids download


MemGuard- Secure Software Enclave For Storage of Sensitive Information in Memory

Source: blog.hackersonlineclub.com





This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go.

Features


  • Sensitive data is encrypted and authenticated in memory using XSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
  • Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.

Some features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.

Installation

$ go get github.com/awnumar/memguard

We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.

Contributing


  • Using the package and identifying points of friction.
  • Reading the source code and looking for improvements.
  • Adding interesting and useful program samples to ./examples.
  • Developing Proof-of-Concept attacks and mitigations.
  • Improving compatibility with more kernels and architectures.
  • Implementing kernel-specific and cpu-specific protections.
  • Writing useful security and crypto libraries that utilise memguard.
  • Submitting performance improvements or benchmarking code.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.

Future goals


  • Ability to stream data to and from encrypted enclave objects.
  • Catch segmentation faults to wipe memory before crashing.
  • Evaluate and improve the strategies in place, particularly for Coffer objects.
  • Formalise a threat model and evaluate our performance in regards to it.
  • Use lessons learned to apply patches upstream to the Go language and runtime.


Schneider Electric Pelco Endura NET55XX Encoder

Source: packetstormsecurity.com

This Metasploit module exploits inadequate access controls within the Schneider Electric Pelco Endura NET55XX webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.

ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition

Source: packetstormsecurity.com

Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.

Red Hat Security Advisory 2019-1862-01

Source: packetstormsecurity.com

Red Hat Security Advisory 2019-1862-01 - As part of the maintenance phase, qualified security patches of Critical or Important impact, as well as select mission-critical bug-fix patches, were released for Red Hat OpenShift Enterprise 3.6 and 3.7. After July 31st, 2019, customers will not receive those updates.

Ubuntu Security Notice USN-4076-1

Source: packetstormsecurity.com

Ubuntu Security Notice 4076-1 - It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

WordPress Database Backup Remote Command Execution

Source: packetstormsecurity.com

There exists a command injection vulnerability in the WordPress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page. The names of the excluded tables are included in the mysqldump command unsanitized. Arbitrary commands injected through the wp_db_exclude_table parameter are executed each time the functionality for creating a new database backup is run. Authentication is required to successfully exploit this vulnerability.

Logwatch 7.5.2

Source: packetstormsecurity.com

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Zurmo 3.2.6 Persistent Cross Site Scripting

Source: packetstormsecurity.com

Zurmo version 3.2.6 suffers from a persistent cross site scripting vulnerability.

Zurmo 3.2.6 Iframe Injection

Source: packetstormsecurity.com

Zurmo version 3.2.6 suffers from an iframe injection vulnerability.

Zurmo 3.2.6 Open Redirection

Source: packetstormsecurity.com

Zurmo version 3.2.6 suffers from an open redirection vulnerability.

Zurmo 3.2.6 Out Of Band Code Evaluation

Source: packetstormsecurity.com

Zurmo version 3.2.6 suffers from an out-of-band code evaluation vulnerability.

Ubuntu Security Notice USN-4054-2

Source: packetstormsecurity.com

Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.

Ahsay Backup 7.x / 8.x XML Injection

Source: packetstormsecurity.com

Ahsay Backup versions 7.x through 8.1.1.50 suffer from an XML external entity injection vulnerability.