I am currently learning penetration testing as part of a cybersecurity career path. I was working on a vulnhub machine that required me writing some malware to exploit a buffer overflow bug. I decided to write it in C for the sake of practicing OpSec. I used code::blocks on my machine to write the code and us…
Tag: security
Is there a command execution vulnerability in this C program?
So I am working on a challenge problem to find a vulnerability in a C program binary that allows a command to be executed by the program (using the effective UID in Linux). I am really struggling to find how to do this with this particular program. The disassembly of the function in question (main function): …
Docker – is it safe to switch to non-root user in ENTRYPOINT?
Is it considered a secure practice to run root privileged ENTRYPOINT [“/bin/sh”, entrypoint.sh”], that later switches to non-root user before running the application? More context: There are a number of articles (1, 2, 3) suggesting that running the container as non-root user is a best pract…
How to configure Key for IdentityServer4 on Linux
I have an asp.net core app with IdentityServer4. In production it requires a key. On Windows Server, I deployed it OK – created a self-signed certificate and added LocalMacine/my as the key location. How can I do the same on Linux? appsettings.json config on Windows – need syntax for Linux: Answer…
Meaning of the read permission for binary executable?
I am interested in the full impact of the read permission for binary executables. Indeed, I have encountered some behaviors that I wish to understand. Let’s say I have a C program that just call sleep(300). When the binary has the read permission, I am able to inspect the /proc/$PID folder associated wi…
May I use a root user to expose the python bottle application to the Internet?
I made a WEB application using Bottle and want to publish it. I decided to use paste for the web server because official document said it’s the easiest way. In order to let the web server process listen on the port 80, the process must be launched by the root user. I’m not a security expert and ca…
Validation URL information with nginx
We have API application, which uses many customers. Every customer have API token, which he passed in GET request. Example from access log: We want to create whitelist for tokens and limit the number of connections per second for each of the tokens using nginx. Can you advise something on the implementation o…
blocking all internal traffic except incoming traffic from a specific ip on a single port
I’m trying to use IPtables to block all internal traffic with the exception of one server, here are my rules but when i telnet from another instance i can still connect…. Answer When debugging iptables I normally: reset all the counter – ‘iptables -Z’ make the connection then rev…
Does the JVM have an option to automatically encrypt it’s memory?
just like most packers(PE encryptor) on windows,for protecting the secret they may encrypt the whole process memory when it’s running. wonder if jvm has a memory encryption option we can choose? just thinking if someone dumped the whole JVM memory and he could get some secret info on text, even vi or gr…
Can I block a new process execution using Kprobe?
Kprobe has a pre-handler function vaguely documented as followed: I was wondering if one can use this function (or any other Kprobe feature) to prevent a process from being executed forked. Answer As documented in the kernel documentation, you can change the execution path by changing the appropriate registe…