Aug 19 2023

10 Best Linux Distributions In 2023

Category: Linux Securitydisc7 @ 12:46 pm

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with a top 10 best Linux distros in 2023 for all professionals.

Hence Linux can be defined as the most rebellious among the three, as it’s flexible and customizable, including a bunch of various Best Linux distros designed by unique associations for various values.

Moreover, the Linux “core” (kernel) and most distros are free, which is a significant trading point for the OS when it is compared to Windows and macOS.

As there are several Linux distros are available for various situations. Even if you are behind an OS that is customized for desktops, workstations, laptops, servers, gaming, or A/V editing, there is a distro over there for everyone.

Hence, we are trying to summarize the most reliable and popular Linux distros accessible, each of which is customized for desktop use.

Therefore, you can install those Linux distros on a Chromebook, PC, or Mac as a substitute for your prevailing operating system, utilize both in a dual-boot scenario or in combination with one of the best practical tools out there. 

Well, if you want a Linux distro similar to Windows? Or do you like to apply commands rather than click? Or do you want something special on privacy? These and several other determinants will help you decide which would be the most suitable Linux distro for you.

Usually, the top Linux distros list is customized to meet users’ requirements. For example, Kali Linux is specifically created for digital forensics and penetration testing.

Hence, here in this article, we have selected the top 10 best Linux distros list, and we have updated this list from Popular Linux distro 2022.

What is Linux Distro?

As we have said before that Linux is flexible and customizable, which includes a bunch of unique features for different uses.

Moreover, we can also say that Linux is a house to nearly each programming language, and it is a Unix-like operating system

Hence, this open-source operating system is basically designed as per the Linux kernel and is usually collected in multiple Linux distributions.

Thus the Linux distributions, traditionally known as a distro, are operating systems that progressed from a software compilation based on the Linux kernel.

Various users use Linux by downloading one of the various Linux distros. Linux operating systems are most common to coders, programmers, and gamers. 

Thus, we can say that Linux is a worldly gift that has shaped our modern lives. In today’s world, we can’t imagine a particular moment outwardly technology.

DistroKey Features
UbuntuCompiz performance improvements.
Kernel 3.11
LibreOffice 4.12
CentOSExcellent documentation and support community.
Based on Debian.
Open stack interface.
DebianMorden branch of GnuPG
UEFI support improved
MariaDB is default
Linux MintSoftware manager
Automatic updates
Better file search in Nemo
Arch LinuxEasy installation
Great learning tool
TailsStream isolation
Onion circuit’s graphical frontend
Network manager
FedoraDynamic firewall
Better end-user software
Virtual desktop support
Elementary OSEasy image resizing
Keyboard shortcut cheat sheet
Bold use of color
Kali LinuxFull customization
Full disk encryption
Metapackages
MX LinuxOne-click enabling event sound.
Hibernation is now enabled by default.
Easy and flexible installation.

Therefore, Linux has produced the most significant innovations in the creation of modern technology. 

At first, Linux was not like the form it is; it has evolved a long way through varied crafting and drafting from an open-source friendly association.

Thus, without a doubt, we can say that Linux does not only appear with a delicate-looking desktop manager, but it also contributes a wide range of beneficial and productive sets of free and open-source software for performing all the basic and necessary needs of the users.

Now, without wasting much time, let’s explore the list below.

Best Linux Distros 2023

  • Ubuntu
  • CentOS
  • Debian
  • Linux Mint
  • Arch Linux
  • Tails
  • Fedora
  • Elementary OS
  • Kali Linux
  • MX Linux

Ubuntu 22.04 – 64Bit Linux Operating System – That Powers Millions of PCs and laptops Around The World

CISSP training course

InfoSec tools | InfoSec services | InfoSec books | Follow our blog

Tags: Linux Distributions


Jul 28 2023

VERSIONS OF UBUNTU PRIOR TO 23.04 CAN BE HACKED THANKS TO THESE 2 SEVERE SECURITY FLAWS

Category: Hacking,Linux Securitydisc7 @ 9:43 am

Two vulnerabilities in the Linux operating system Ubuntu have been found by researchers. Both of these vulnerabilities have the ability to offer attackers elevated privileges.There have been indications that a vulnerability that allows for an increase in privilege may be detected in the OverlayFS module of Ubuntu operating systems.

A Linux filesystem known as OverlayFS has seen significant adoption in the container industry. OverlayFS makes it possible to deploy dynamic filesystems while maintaining compatibility with pre-built images.

CVE-2023-23629

When invoking the ovl_do_setxattr function on Ubuntu kernels, the ovl_copy_up_meta_inode_data module has the potential to bypass permission checks. This vulnerability occurs as a result. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

CVE-2023-2640

There is a flaw in Ubuntu known as SAUCE: overlayfs bypass permission checks for trusted that leads to this vulnerability.overlayfs. * xattrs. * xattrs.

This vulnerability may be exploited by an attacker who does not have rights by establishing privileged extended attributes on the mounted files and then setting them on the other files without necessary checks being performed. This vulnerability has been assigned a CVSS score of 7.8, which is considered to be High.

The Ubuntu Patch from 2018 is in Conflict with the Linux Kernel Project from 2019 and 2022.

Since the OverlayFS module may be used by non-privileged users via user namespaces, it is a perfect candidate for local privilege escalation. In 2018, Ubuntu released patches that addressed these security flaws.

Despite this, researchers working for Wix discovered that the Linux Kernel Project released many new versions in the years 2019 and 2022.

There was a problem between the older patches and the most recent version as a direct consequence of the changes that were made to the OverlayFS module.

These exploits are already accessible to the public in their exploitable forms. It is strongly advised that anyone using Ubuntu versions earlier than 23.04 update to the most recent release in order to prevent these vulnerabilities from being exploited. On the other hand, the majority of cloud security providers (CSPs) have been using insecure versions of the Ubuntu Operating System as their default system.

Researchers believe that around forty percent of computers running Ubuntu might have been affected by the issue, making the anticipated scope a large one. According to Canonical, the business that is responsible for Ubuntu and also operates for profit, the desktop version of the software was installed more than 20 million times in 2017. Ubuntu has issued a security alert that addresses many vulnerabilities and gives credit to the researchers who discovered them.

Mastering Linux Security and Hardening: Protect your Linux systems from intruders, malware attacks, and other cyber threats

InfoSec books | InfoSec tools | InfoSec services

Tags: Mastering Linux Security and Hardening, UBUNTU


May 11 2023

EASILY GET ROOT USER PRIVILEGES IN LINUX 6.3.1 USING THIS VULNERABILITY VIA EXPLOIT CODE

Category: Linux Securitydisc7 @ 8:33 am

The Linux kernel is the most important part of the Linux operating system. It is in charge of managing system resources, delivering necessary services, and guaranteeing the general stability of the system. As a result, any vulnerability inside the kernel has the potential to have major implications, which might put the system’s overall security and integrity at risk. The Linux kernel has been found to include a major security flaw, which has been given the identifier CVE-2023-32233. This flaw makes it possible for locally authenticated users to gain additional rights while using the system. A locally authenticated attacker is able to get elevated privileges as root by submitting a specifically constructed request thanks to the vulnerability, which is caused by a use-after-free hole in Netfilter nf_tables while processing batch requests. The bug was caused by a use-after-free flaw. Linux has a subsystem known as netfilter nf_tables that is responsible for managing the setup of firewall rules. The problem is that Netfilter nf_tables is accepting some improper modifications to its configuration, which is causing the issue.

Security researchers Piotr Krysiuk and Piotr Krysiuk found the vulnerability and built an attack for it. The exploit makes it possible for local users without administrative privileges to launch a root shell by exploiting the problem. This attack was discussed in confidence with the Linux kernel security developers so that they may get assistance in developing a solution.

An adversary might take advantage of this vulnerability in a particular situation by constructing an erroneous batch request that includes actions that lead to a corruption of the internal state of Netfilter nf_tables. Because of this, the attacker is granted the ability to obtain root access to the system and further elevate their privileges.

The mainline kernel git repository now provides a patch that may be used to resolve the vulnerability that was discovered. Administrators and users of the system are strongly encouraged to deploy the patch as quickly as they can in order to prevent their systems from the possibility of being exploited.

Multiple versions of the Linux kernel, including the most recent stable release, Linux 6.3.1, have been used to successfully replicate the issue. If this vulnerability is not fixed, it may be used by hostile actors to obtain unauthorized access to the system with elevated privileges. As a result, sensitive data may be compromised, and serious disruption may occur.

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

 InfoSec tools | InfoSec services | InfoSec books

Tags: LINUX 6.3.1, Mastering Linux Security, ROOT USER PRIVILEGES


Mar 11 2023

Linux 101 Hacks

Category: Hacking,Linux Security,Security ToolsDISC @ 12:09 pm

Looking to enhance your Linux skills? Practical examples to build a strong foundation in Linux – credit: Ramesh Nararajan
*******************************************

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Hacking, Hacking tool, Linux, OSINT


Feb 15 2023

10 Best Linux Distributions In 2023

Category: Linux SecurityDISC @ 9:28 am

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, simultaneously with Windows and macOS. Here we have provided you with a top 10 best Linux distros list 2023 for all professionals.

Hence Linux can be defined as the most rebellious among the three, as it’s flexible and customization, including a bunch of various Best Linux distros designed by unique associations for various values.

Moreover, the Linux “core” (kernel) and most distros are free, which is a significant trading point for the OS when it is compared to Windows and macOS.

As there are several Linux distros are available for various situations. Even if you are behind an OS that is customized for desktops, workstations, laptops, servers, gaming, or A/V editing, there is a distro over there for everyone.

Hence, we are trying to give you a summary of the most reliable and popular Linux distros accessible, each of which is customized for desktop use.

Therefore, you can install those Linux distros on a Chromebook, PC, or Mac as a substitute for your prevailing operating system, utilize both in a dual-boot scenario, or utilize them in combination with one of the best practical tools out there. 

Well, if you want a Linux distro similar to windows? Or do you like to apply commands rather than click? Or do you want something special on privacy? Each of these and several other determinants will conclude which would be the most suitable Linux Distros for you.

Usually, the top Linux distros list is customized to meet the requirements of users. For example, Kali Linux is specifically created for digital forensics and penetration testing. Hence, here in this article, we have selected the top 10 best Linux distros list and we have updated this list from Popular Linux distro 2022.

What is Linux Distro?

As we have said before that Linux is flexible and customizable, which includes a bunch of unique features for different uses.

Moreover, we can also say that Linux is a house to nearly each programming language, and it is a Unix-like operating system

Hence, this open-source operating system is basically designed as per the Linux kernel and is usually collected in multiple Linux distributions.

Thus the Linux distributions, traditionally known as a distro, are operating systems that progressed from a software compilation based on the Linux kernel.

Various users use Linux by downloading one of the various Linux distros. Linux operating systems are most common to coders, programmers, and gamers. 

Thus, we can say that Linux is a worldly gift that has formed our modern life. Well, in today’s world, we can’t imagine a particular moment outwardly technology.

DistroKey Features
UbuntuCompiz performance improvements.
Kernel 3.11
LibreOffice 4.12
CentOSExcellent documentation and support community.
Based on Debian.
Open stack interface.
DebianMorden branch of GnuPG
UEFI support improved
MariaDB is default
Linux MintSoftware manager
Automatic updates
Better file search file in Nemo
Arch LinuxEasy installation
Great learning tool
TailsStream isolation
Onion circuit’s graphical frontend
Network manager
FedoraDynamic firewall
Better end-user software
Virtual desktop support
Elementary OSEasy image resizing
Keyboard shortcuts cheat sheet
Bold use of color
Kali LinuxFull customization
Full disk encryption
Metapackages
MX LinuxOne-click enabling event sound.
Hibernation is now enabled by default.
Easy and flexible installation.

Therefore, Linux has produced the most significant and meaningful innovations in the creation of modern technology. 

At first, Linux was not like the form as now it is, it has evolved a long way through varied crafting and drafting from an open-source friendly association.

Thus, with no doubt, we can say that Linux does not only appear with a delicate-looking desktop manager, but it also contributes a wide range of beneficial and productive sets of free and open-source software for performing all the basic and necessary needs of the users.

Now without wasting much time, let’s get started and simply explore the whole list that we have mentioned below.

Best Linux Distros 2023

  • Ubuntu
  • CentOS
  • Debian
  • Linux Mint
  • Arch Linux
  • Tails
  • Fedora
  • Elementary OS
  • Kali Linux
  • MX Linux
Linux Distros

Linux for Beginners: A Practical and Comprehensive Guide to Learn Linux Operating System and Master Linux Command Line. Contains Self-Evaluation Tests to Verify Your Learning Level

Introduction to Linux

Previous posts on Linux Security

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Best Linux Distributions


Jan 20 2023

SUDO HAS A HIGH-SEVERITY VULNERABILITY THAT LOW-PRIVILEGE ATTACKERS MIGHT EXPLOIT TO GET ROOT ACCESS

Category: Linux Security,Security vulnerabilitiesDISC @ 9:47 am

Sudo is one of the most essential, powerful, and often used tools that comes as a core command pre-installed on macOS and practically every other UNIX or Linux-based operating system. It is also one of the programs that comes pre-installed as a core command. A system administrator has the ability to delegate authority to certain users or groups of users through the use of the sudo (su “do”) command, which provides an audit trail of the commands that were executed and the arguments that were passed to those commands. This allows the administrator to give certain users or groups of users the ability to run some or all commands as root or another user.

A new sudo vulnerability was found. It was on sudoedit (sudo -e) flaw. With it, attackers can edit arbitrary files, and therefore machines were at the risk of the pwned and having information steeled.

Researchers Matthieu Barjole and Victor Cutillas of Synacktiv uncovered the weakness, which was given the identifier CVE-2023-22809, in the sudoedit function for Linux. This vulnerability might enable a malicious user with sudoedit access to edit arbitrary files on a system running Linux.

In order to give its users with the ability to pick the editor of their choosing, Sudo makes use of environment variables that are supplied by the user. The contents of these variables provide additional information to the command that is ultimately sent to the sudo edit() function. The latter, on the other hand, is dependent on the existence of the — argument in order to establish the list of files that need to be edited. This list may be changed by the insertion of an additional — argument into one of the approved environment variables, which can then lead to a privilege escalation through the modification of any other file with the rights of the RunAs user. This problem appears after the sudoers policy validation has been completed.
Versions of sudo that came out before 1.8.0 built the argument vector in a different way and are not impacted by this issue. It is strongly suggested that users get their systems up to date with the most recent version.

Checkout our previous posts on topic of Linux Security

InfoSec books | InfoSec tools | InfoSec services

Tags: SUDO vulnerability


Jan 16 2023

A NEW PRIVILEGE ESCALATION VULNERABILITY IN THE LINUX KERNEL, ENABLES A LOCAL ATTACKER TO EXECUTE MALWARE ON VULNERABLE SYSTEMS

Category: Linux SecurityDISC @ 11:51 pm

A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems. Additionally, Davide published the proof-of-concept and the write-up. The vulnerability, which has been assigned the tracking number CVE-2023-0179, is a stack-based buffer overflow that exists in the Netfilter subsystem. An authorized attacker might exploit this issue to get elevated privileges as root if the attacker executed a program that had been carefully written for the purpose.

The Linux kernel has a framework known as netfilter that enables a variety of networking-related actions to be performed in the form of individualized handlers. This may be accomplished by filtering incoming network packets. Netfilter provides the functionality necessary for directing packets through a network and preventing packets from reaching sensitive locations within a network by offering a variety of functions and operations for packet filtering, network address translation, and port translation. [1] These features allow Netfilter to provide the functionality required for directing packets through a network.

Linux Basics: The Command Line Interface

latest Linux security Titles

Tags: PRIVILEGE ESCALATION VULNERABILITY


Jan 03 2023

Kali Linux: What’s next for the popular pentesting distro?

Category: Linux Security,Pen TestDISC @ 2:18 pm

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it.

We talked to Jim O’Gorman, Chief Content and Strategy Officer at Offensive Security (OffSec), about the direction in which the development of the open-source distro is headed.

[The answers have been edited for clarity.]

Kali Linux keeps growing and improving. How much does user feedback influence where you want to go next? What do users want the most?

Two questions drive Kali’s development:

1. What needs to be done to ensure that Kali Linux is the best possible platform for professional and hobbyist information security work?
2. What needs to be done to ensure that Kali is the best possible platform for information security training?

There is a lot of overlap between those two questions, but realistically they are separate and distinct items. However, by getting them both right on a single platform, we create an environment where people can train, study, and learn, but also use the same platform for real-world efforts. In essence, it means that you train like you fight.

The answer to the first question is driven by input from the Kali and OffSec teams. As infosec professionals ourselves, what are the things we run into on a day-to-day basis and how do we make our life easier by ensuring the toolset is of the highest quality possible? We also work closely with OffSec’s pentesting team.

We also listen to input from other Kali users. Kali is a totally open-source project and anyone and everyone can pitch in and contribute. And they do! If you wish a tool to be included in Kali, package it and submit it! If you wish a configuration worked a certain way out of the box, modify the package and submit the change. It’s very direct and easy to do, and it is in our documentation. Anyone – regardless of their background – can play a part.

The second way users influence development is through bug reports, feature requests, and conversations on OffSec’s Discord and other social media. The Kali team is out there as part of the infosec community – talk to us and let us know what you are seeing. Also, when possible, we will set up private conversations with large organizations that use Kali to get a feel for their unique needs.

The answer the second question – How to make Kali the best possible platform for training? – we work very closely with the OffSec content development team to find out what tools they are using for training, what sort of default environment works best for learners, and what we can do in Kali to support general education efforts.

Surprisingly, even though Kali is built for advanced information security work, it is often the first Linux many users ever use. So we are careful with the design of Kali to ensure that it is approachable. We want to ensure that you don’t have to be a Linux professional to utilize Kali successfully in OffSec courses.

What’s your vision for Kali Linux in the next 12 months? What areas need polishing?

The changing of attack techniques over time does not impact Kali as much as you might think, as techniques are more often than not implemented in tools and scripts. While the tools and scripts change, Kali Linux as a platform to launch them does not have to change much. The closest item to this is expanding Kali to run everywhere. Our goal is to put the Kali toolset as close as possible to you no matter where you are.

Kali installed on bare metal, Kali in a VM, Kali in containers (Docker & LXC), Kali on WSL, Kali on various ARM devices such as Raspberry Pi, Kali in a cloud instance such as AWS and Azure, Kali on your Android phone or tablet – we even have Kali running on a watch! No matter where you are or what your needs are, we want Kali to be easy to access and run.

Kali is primarily gered towards pentesting and red teaming, but we are looking at expanding into other areas of information security as well.

Kali Linux comes with a myriad of tools. What’s the process for including or removing a piece of software? What tools are used the most?

What tools run in Kali is really a matter of input from the team, community, and OffSec. Our goal is to have the most frequently used and important tools installed and working out of the box. Other common tools are installed quickly and easily with a single command.

We add new tools based on the answers to a number of questions: What functionality does the tool provide and is it unique or different enough from functionalities of other tools? Is the tool going to be maintained and updated over a reasonable period of time? How functional is the tool? It is a wrapper for another tool? Does the developer have a positive reputation?

If a tool stops being updated and stops working, we’ll try to work with the author. If they are unresponsive and the effort of maintaining the tool becomes too complex, we document this and then often remove it.

We get a lot of input from the OffSec pentesting team on what tools they are using in the field today, as well as the OffSec content developers on what tools are being used as part of the courseware. The idea is to have all the tools used in OffSec coursework out of the box to keep things easy for students.

Do major software development trends influence your approach to enhancing Kali Linux? How do you prioritize features?

When prioritizing features, we look at what is needed at the current time. We release Kali in quarterly updates so that dictates our development cycle. Each cycle we look at what is happening in the industry, where the gaps are, and determine what to prioritize.

On this front, there is a lot to balance. Everything from the distribution of Kali, installation, user experience, tools, stability, so on and so forth. It’s a full operating system and a small team so we have to pick and choose what goes into it, we can’t do everything each cycle. Again, input from the community and OffSec sets the priorities.

There’s been a lot of buzz around AI lately. Do you expect AI to play a role in future Kali Linux versions?

As Kali is a base OS, not right now. For tools that run in Kali, perhaps in time. As soon as the tools are there we will add them into Kali if they are any good. But there are also always fad trends so we tend not to get over-excited about them until they start to actually deliver results.

We have seen demonstrations of tools being developed with some of the PoC which have been creating some buzz, but as they are not ready to be released we are a ways off from this yet.

Kali Linux 2022.4 released | OpenSourceFeed


5 Kali Linux tools you should learn how to use

5 Kali Linux books you should read this year

New Book: Advanced Security Testing with Kali Linux!

Infosec books | InfoSec tools | InfoSec services

Tags: Kali Linux


Dec 27 2022

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Category: Linux SecurityDISC @ 11:17 am

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news.

The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably best known for buying up zero-day security bugs via the popular Pwn2Own competitions, where bug-bounty hunting teams compete live on stage for potentially large cash prizes.

In return for sponsoring the prize money, the vendors of products ranging from operating systems and browsers to networked printers and internet routers hope to buy up brand new security flaws, so they can fix the holes responsibly. (To collect their prizes, participants have to provide a proper write-up, and agree not to share any information about the flaw until the vendor has had a fair chance to fix it.)

But ZDI doesn’t just deal in competitive bug hunting in its twice-a-year contests, so it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability.

Serving Windows computers via Linux

SMB is short for server message block, and it’s the protocol that underpins Windows networking, so almost any Linux server that provides network services to Windows computers will be running software to support SMB.

As you can therefore imagine, SMB-related security bugs, especially ones that can be exploited over the network without the attacker needing to logon first, as is the case here, are potentially serious issues for most large corporate networks.

SMB support is also generally needed in home and small-business NAS (network attached storage) devices, which generally run Linux internally, and provide easy-to-use, plug-it-in-and-go file server features for small networks.

No need to learn Linux yourself, or to set up a full-blown server, or to learn how to configure Linux networking – just plug-and-play with the NAS device, which has SMB support built-in and ready to go for you.

Why the holiday timing?

In this case, the bug wasn’t deliberately disclosed on the night before the night before the night before Christmas in a not-so-ho-ho-ho bid to spoil your festive season by freaking you out.

And it wasn’t reported just before the weekend in a bid to bury bad PR by hoping you’d be vacation-minded enough either to miss the story completely or to shrug it off until the New Year.

The good news is that, as usually happens under the umbrella of responsible disclosure, the date for ZDI’s report was agreeed in advance, presumably when the flaw was disclosed, thus giving the Linux kernel team sufficient time to fix the problem properly, while nevertheless not allowing them to put the issue off indefinitely.

In this case, the bug report is listed as having happened on 2022-07-26, and what ZDI refers to as the “co-ordinated public release of [the] advisory” was set for 2022-12-22, which turns out to be exactly 150 days, if you count old-school style and include the full day at each end.

So, even though this bug has had some dramatic coverage over the holiday weekend, given that it was a remote code execution (RCE) hole in the Linux kernel itself, and came with a so-called CVSS score of 10/10, considered Critical

…it was patched in the Linux source code within just two days of disclosure, and the fix was accepted and packaged into the official Linux kernel source code in time for the release of Linux 5.15.61, back on 2022-08-17, just 23 days after the report first came in.

In other words, if you’ve updated your Linux kernel any time since then, you’re already safe, no matter what kernel compilation settings you or your distro used. (This includes 24 subsequent updates to the kernel 5.15 series, now at 5.15.85, along with any versions of kernel 6.0, kernel 6.1 and the still-in-candidate-stage kernel 6.2, all of which had their first releases after August 2022.)

Probably not the SMB software you suspect

Also, although it sounds at first glance as though this bug will inevitably affect any Linux server or device supporting Windows networking, that’s not true either.

Most sysadmins, and in our experience most NAS programmers, provide Windows SMB supprt via a long-running and well-respected open source toolkit called Samba, where the name Samba is simply the closest pronounceable word that the original developer, open-source luminary Andrew “Tridge” Tridgell OAM, could find to represent the abbreviation SMB.

Anyone who has used Samba will know that the software runs as a regular application, in what’s known as user space, in other words, without needing its own code running inside the kernel, where even modest bugs could have dangerous repercussions.

Indeed, the main Samba program file is called smbd, where the trailing -D is a typical Unixism standing for daemon, or background process – what Windows admins would call a service.

This bug, as you can see from the ZDI report, is in a kernel module called ksmbd, where the -D denotes a background service, the -SMB- denotes Windows networking support, and the K- means runs in kernel space, i.e. right inside the kernel itself.

At this point, you’re probably asking yourself, “Why bury the complexity of supporting SMB right into the kernel, given that we’ve already got a reliable and well-respected user-space product in the form of Samba, and given that the risks are much greater?”

Why, indeed?

As so often, there seem to be two main reasons: [A] because we can! and [B] because performance.

By pushing what are typically high-level software features down into the kernel, you can often improve performance, though you almost always pay the price of a corresponding, and possibly considerable, decrease in safety and security.

What to do?

  • Check if you have a Linux kernel based on any release on or after 5.15.61 (dated 2022-08-17). If so, this bug is fixed in the source code. No matter what kernel compilation options you (or your distro maker) choose, the bug can’t and won’t exist on your system.
  • Check if your Linux kernel build even includes ksmbd. Most popular distros neither compile it in, nor build it as a module, so you can’t load it or activate it, even by mistake.
  • Check with your vendor if you are using an applicance such as a NAS box or other device that supports connections from Windows computers. Chances are that your NAS device won’t be using ksmbd, even if it still has a kernel version that is vulnerable in theory.
  • If you’re using ksmbd out of choice, consider re-evaluating your risk. Make sure you measure the true increase in performance you’ve achieved, and decide whether the payoff is really worth it.

COMMANDS YOU CAN USE TO CHECK YOUR EXPOSURE

Any Linux from 5.15.61 on, or any 6.x, is already patched. 
To check your Linux version:

  $ uname -o -r
  6.1.1 GNU/Linux     
To see if this kernel feature is compiled in, you can dump the 
compile-time configuration of the running kernel:

  $ zcat /proc/config.gz | grep SMB_SERVER
  # CONFIG_SMB_SERVER is not set

If this compile-time configuration setting is unset, or set to 
"n" for no, the feature wasn't built at all.

If it says "y" for yes, then the kernel SMB server is compiled 
right into your kernel, so ensure you have a patched version.

If it says "m" for module, then the kernel build probably 
includes a run-time module that can be loaded on demand.
To see if your kernel has a loadable module available:

  $ /sbin/modprobe --show ksmbd
  modprobe: FATAL: Module ksmbd not found in directory /lib/modules/6.1.1

Note that "--show" means "do not actually do it, just show 
if loading it would actually work or not".
To see if your system has the ksmbd module already active:

  $ lsmod | grep ksmbd

If you see no output, the module wasn’t matched in the list.

To stop the module loading in case it ever shows up, add a 
file with a name such as ksmbd.conf to the directory 
/lib/modules.d or /etc/modules.d with this line in it:

  blacklist ksmbd

Mastering Linux Security and Hardening: Protect your Linux systems from intruders, malware attacks, and other cyber threats

Infosec books | InfoSec tools | InfoSec services

Tags: Linux Security, Mastering Linux Security and Hardening


Dec 05 2022

A New Linux Flaw Lets Attackers Gain Full Root Privilege

Category: Linux SecurityDISC @ 10:41 am

The Threat Research Unit at Qualys’ has revealed how a new Linux flaw tracked as (CVE-2022-3328),  may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system.

The Linux snap-confine function, a SUID-root program installed by default on Ubuntu, is where the vulnerability is located.

The snap-confine program is used internally by snapd to construct the execution environment for snap applications, an internal tool for confining snappy applications.

Linux Flaw Let Attackers Gain Full Root Privilege

The newly discovered flaw, tracked as CVE-2022-3328, is a race condition in Snapd, a Canonical-developed tool used for the Snap software packaging and deployment system. 

The issue specifically affects the ‘snap-confine’ tool that Snapd uses to build the environment in which Snap applications are executed.

“In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in our “Lemmings” advisory. The vulnerability (CVE-2022-3328) was introduced in February 2022 by the patch for CVE-2021-44731).” reads the post published by Qualys.

“The Qualys Threat Research Unit (TRU) exploited this bug in Ubuntu Server by combining it with two vulnerabilities in multipathd called Leeloo Multipath (an authorization bypass and a symlink attack, CVE-2022-41974, and CVE-2022-41973), to obtain full root privileges”.

The CVE-2022-3328 weakness was chained by the researchers to two other flaws in Multipathd, a daemon responsible for looking for failed paths. Particularly, in several distributions’ default installations, including Ubuntu, Multipathd runs as root.

Two Vulnerabilities Impact Multipathd

The device-mapper-multipath, when used alone or in conjunction with CVE-2022-41973, enables local users to gain root access. 

In this case, the access controls can be evaded and the multipath configuration can be changed by local users who have the ability to write to UNIX domain sockets.

This problem arises because using arithmetic ADD rather than bitwise OR causes a keyword to be incorrectly handled when repeated by an attacker. Local privilege escalation to root may result from this.

Together with CVE-2022-41974, the device-mapper-multipath enables local users to get root access. Further, due to improper symlink handling, local users with access to /dev/shm can modify symlinks in multipathd, which could result in controlled file writes outside of the /dev/shm directory. Hence, this could be used indirectly to elevate local privileges to the root.

Notably, any unprivileged user might get root access to a vulnerable device by chaining the Snapd vulnerability with the two Multipathd vulnerabilities.

“Qualys security researchers have verified the vulnerability, developed an exploit, and obtained full root privileges on default installations of Ubuntu,” Qualys said.

On Ubuntu default installations, Qualys security researchers have confirmed the vulnerability, developed an exploit and got full root access.

Although the vulnerability cannot be used remotely, the cybersecurity company issues a warning that it is unsafe because it can be used by an unprivileged user.

Linux Flaw Let Attackers Gain Full Root Privilege

Mastering Linux Security and Hardening

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

 

Tags: Linux Flaw, Mastering Linux Security and Hardening, Root Privilege


Nov 16 2022

5 Kali Linux tools you should learn how to use

Category: Linux SecurityDISC @ 11:03 am

Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing.

Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn how to use.

Aircrack-ng

Aircrack-ng is a complete suite of tools to assess Wi-Fi network security, focusing on:

  • Monitoring: Packet capture and export of data to text files for further processing by third-party tools
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
  • Testing: Checking WiFi cards and driver capabilities (capture and injection)
  • Cracking: WEP and WPA PSK (WPA 1 and 2)
Aircrack-ng

John the Ripper

John the Ripper is an open-source password security auditing and password recovery tool. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.

Kali Linux tools

Lynis

Lynis performs an extensive health scan of your systems to support system hardening and compliance testing. Lynis is open-source and flexible, and used for several different purposes. Typical use cases include:

  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Penetration testing
  • Vulnerability detection
  • System hardening
Kali Linux tools

Metasploit

Metasploit is the world’s most used penetration testing framework. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

For more information about the past, present and future of Metasploit, watch our video with Spencer McIntyre, Lead Security Researcher at Rapid7.

Metasploit

Nmap

Nmap is a free and open-source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Kali Linux tools

More Kali Linux content to check out:

Checkout our previous posts on Linux Security

Kali Linux tools

Tags: Kali Linux


Oct 12 2022

5 Kali Linux books you should read this year

Category: Hacking,Linux SecurityDISC @ 1:36 pm

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.

Here is a selection of books for different experience levels, you can either start from scratch or get advanced tips – there’s something for everyone.

Advanced Security Testing with Kali Linux

Independently published / Author: Daniel Dieterle

Kali Linux books

This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) frameworks
  • In-depth network scanning
  • Web app pentesting
  • Advanced techniques like “Living off the Land”
  • AV bypass tools
  • Using IoT devices in security

Kali Linux Penetration Testing Bible

Wiley / Author: Gus Khawaja

Kali Linux books

This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

No Starch Press / Author: OccupyTheWeb

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

  • Cover your tracks by changing your network information and manipulating the rsyslog logging utility
  • Write a tool to scan for network connections, and connect and listen to wireless networks
  • Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
  • Write a bash script to scan open ports for potential targets
  • Use and abuse services like MySQL, Apache web server, and OpenSSH
  • Build your own hacking tools, such as a remote video spy camera and a password cracker

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

Packt Publishing / Author: Vijay Kumar Velu

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.

This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

For more information about this book, we have a video with the author you can watch here.

The Ultimate Kali Linux Book – 2nd Edition

Packt Publishing / Author: Glen D. Singh

Kali Linux books

This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.

Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

Tags: Kali Linux books


Sep 30 2022

Parrot Security OS 5.1 Release

Category: Linux SecurityDISC @ 8:30 am

Parrot 5.1 – What’s New?

Parrot created the latest release of the operating system to ensure it was as stable and adaptable as possible. There are a number of factors that have contributed to the success of this project.

https://twitter.com/ParrotSec/status/1575519347430543360?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1575519347430543360%7Ctwgr%5Eb4ff9b14e2b445fb0b87f6f3431d3db2784b50b1%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fgbhackers.com%2Fparrot-5-1%2F

Here below we have mentioned all the new additions:-

  • New kernel 5.18
  • Updated docker containers
  • Updated backports
  • System updates
  • Firefox profile overhault
  • Major updates for tools
  • New AnonSurf 4.0
  • Parrot IoT improvements
  • Architect Edition improvements
  • New infrastructure powered by Parrot and Kubernetes

How to Download or Update?

The Parrot OS 5.1 can be downloaded by clicking on the following link. In order to keep users safe, ParrotSec always recommends to users that third-party sources should never be trusted.

You can also use the official torrent files for these downloads if the direct downloads are not working for you. As in most cases, the firewall and network restrictions can be circumvented by doing so.

If you are already using any older version of Parrot OS then you can update to the latest version and to do so you have to follow a few commands that we have mentioned below:-

sudo parrot-upgrade

or

sudo apt update && sudo apt full-upgrade

Parrot Security OS 5.1

EZITSOL 32GB 9-in-1 Linux Bootable USB 

Tags: Parrot Security OS 5.1


Sep 15 2022

5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux

Independently published / Author: Daniel Dieterle

Kali Linux books

This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) frameworks
  • In-depth network scanning
  • Web app pentesting
  • Advanced techniques like “Living off the Land”
  • AV bypass tools
  • Using IoT devices in security

Kali Linux Penetration Testing Bible

Wiley / Author: Gus Khawaja

Kali Linux books

This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

No Starch Press / Author: OccupyTheWeb

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

  • Cover your tracks by changing your network information and manipulating the rsyslog logging utility
  • Write a tool to scan for network connections, and connect and listen to wireless networks
  • Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
  • Write a bash script to scan open ports for potential targets
  • Use and abuse services like MySQL, Apache web server, and OpenSSH
  • Build your own hacking tools, such as a remote video spy camera and a password cracker

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

Packt Publishing / Author: Vijay Kumar Velu

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.

This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

For more information about this book, we have a video with the author you can watch here.

The Ultimate Kali Linux Book – 2nd Edition

Packt Publishing / Author: Glen D. Singh

Kali Linux books

This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.

Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

Hacking Handbooks

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

Tags: Kali Linux, Kali Linux books


Jun 28 2022

Latest OpenSSL version is affected by a remote memory corruption flaw

Category: Information Security,Linux Security,Open NetworkDISC @ 7:50 am

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library.

Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set.

“OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are not affected. Furthermore, only x64 systems with AVX512 support are affected. The bug is fixed in the repository but a new release is still pending.” reads the post published by Vranken.

The issue can be easily exploited by threat actors and it will be addressed with the next release.

Google researcher David Benjamin that has analyzed the vulnerability argues that the bug does not constitute a security risk. Benjamin also found an apparent bug in the paper by Shay Gueron upon which the RSAZ code is based.

OpenSSL CVE-2021-3711

A Concise Guide to SSL/TLS for DevOps

Tags: OpenSSL


Jun 10 2022

Symbiote, a nearly-impossible-to-detect Linux malware

Category: Linux SecurityDISC @ 8:37 am

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems.

Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote.

The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with the infected systems. For this reason, security researchers defined this threat as nearly impossible to detect.

Unlike other Linux threats, Symbiote needs to infect other running processes to inflict damage on the compromised machines. It is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and like a parasite infects the machine. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities.

The malware was first spotted in November 2021, experts believe it was designed to target the financial sector in Latin America, such as Banco do Brasil and Caixa.

“Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect. Performing live forensics on an infected machine may not turn anything up since all the file, processes, and network artifacts are hidden by the malware. In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges.” reads the report published by Blackberry. “Since it is extremely evasive, a Symbiote infection is likely to “fly under the radar.” In our research, we haven’t found enough evidence to determine whether Symbiote is being used in highly targeted or broad attacks.”

Experts reported that one interesting technical features implemented by Symbiote is the Berkeley Packet Filter (BPF) hooking functionality, it is the first Linux malware to use this feature to hide malicious network traffic.

“When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured. In this process, Symbiote adds its bytecode first so it can filter out network traffic that it doesn’t want the packet-capturing software to see.” continues the report.

Symbiote can be loaded by the linker via the LD_PRELOAD directive before any other shared objects allowing to “hijack the imports” from the other library files loaded for the application.

Symbiote hides its presence by hooking libc and libpcap functions.

Symbiote

“Symbiote is a malware that is highly evasive. Its main objective is to capture credentials and to facilitate backdoor access to infected machines. Since the malware operates as a userland level rootkit, detecting an infection may be difficult.” concludes the report. “Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response (EDR) should be statically linked to ensure they are not “infected” by userland rootkits.”

Experts also shared indicators of compromise (IoCs) for this threat.

Kali Linux Penetration Testing Bible

Tags: Kali Linux Penetration Testing Bible, stealth Linux malware


Apr 27 2022

Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats

Category: Linux SecurityDISC @ 8:10 am

Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities.

The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware.

“The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.” reads the advisory published by Microsoft.

The flaws can be exploited by attackers to achieve root access to the target systems and deploy by more sophisticated threats, such as ransomware.

The flaws reside in the systemd component called networked-dispatcher, which is dispatcher daemon for systemd-networkd connection status changes.

The review of the code flow for networkd-dispatcher revealed multiple security issues, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues.

The researchers started enumerating services that run as root and listen to messages on the System Bus, performing both code reviews and dynamic analysis.

Chaining the issues, an attacker in control of a rogue D-Bus service that can send an arbitrary signal, can deploy backdoors on the compromised final touches.

Linux Nimbuspwn flaws

he researchers were able to develop their own exploit that runs an arbitrary script as root. The exploit also copies /bin/sh to the /tmp directory, sets /tmp/sh as a Set-UID (SUID) executable, and then invokes “/tmp/sh -p”. (the “-p” flag is necessary to force the shell to not drop privileges)

Researchers recommend users of networkd-dispatcher to update their installs.

“To address the specific vulnerabilities at play, Microsoft Defender for Endpoint’s endpoint detection and response (EDR) capabilities detect the directory traversal attack required to leverage Nimbuspwn.” concludes the post.

Mastering Linux Security and Hardening

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Linux Security, Mastering Linux Security and Hardening


Mar 17 2022

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Category: DNS Attacks,Linux Security,Log4jDISC @ 8:50 am

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel.

Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20.

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

The B1txor20 Linux backdoor uses DNS Tunnel technology for C2 communications, below is the list of the main features implemented by the threat:

  • SHELL
  • Proxy
  • Execute arbitrary commands
  • Install Rootkit
  • Upload sensitive information
B1txor20

The researchers also noticed the presence of many developed features that have yet to be used, and some of them are affected by bugs. Experts believe the B1txor20 botnet is under development.

“In short, B1txor20 is a Backdoor for the Linux platform, which uses DNS Tunnel technology to build C2 communication channels. In addition to the traditional backdoor functions, B1txor20 also has functions such as opening Socket5 proxy and remotely downloading and installing Rootkit.” reads the analysis published by the experts.

Once the system has been compromised, the threat connects the C2 using the DNS tunnel and retrieves and executes commands sent by the server. The researchers noticed that the bot supports a total of 14 commands that allows it to execute arbitrary commands, upload system information, manipulate files, starting and stopping proxy services, and creating reverse shells.

“Generally speaking, the scenario of malware using DNS Tunnel is as follows: Bot sends the stolen sensitive information, command execution results, and any other information that needs to be delivered, after hiding it using specific encoding techniques, to C2 as a DNS request; After receiving the request, C2 sends the payload to the Bot side as a response to the DNS request. In this way, Bot and C2 achieve communication with the help of DNS protocol.” continues the analysis.

The post includes additional technical details along with Indicators of Compromise (IoCs) for this threat.

Indicators of Compromise Associated with BlackByte Ransomware: Joint Cybersecurity Advisory

Tags: B1txor20 Linux botnet, Indicators of Compromise, IoC


Mar 07 2022

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape

Category: Linux SecurityDISC @ 9:49 am

A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host.

A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host.

The issue is a privilege escalation flaw affecting the Linux kernel feature called control groups (groups), that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.

“A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.” reads the advisory published for this flaw.

Major Linux distros, including SuseUbuntu, and Redhat, also published their own advisories.

The flaw resides in the cgroups v1 release_agent functionality which is executed after the termination of any process in the group.

The root cause of the problem is the cgroups implementation in the Linux kernel that did not properly restrict access to the feature. A local attacker could exploit this vulnerability to gain administrative privileges.

The vulnerability was discovered by the security researchers Yiqi Sun and Kevin Wang.

“On Feb. 4, Linux announced 

, a new privilege escalation vulnerability in the kernel.  marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers.” reads the analysis published by Palo Alto Networks Unit 42 researcher Yuval Avrahami. “The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users.”

According to Palo Alto Networks, CVE-2022-0492 is caused by the lack of check that the process setting the release_agent file has administrative privileges (i.e. the CAP_SYS_ADMIN capability).

Attackers that can write to the release_agent file, can force the kernel into invoking a binary of their choosing with elevated privileges and take over the machine. Only processes with “root” privileges can write to the file.

“Because Linux sets the owner of the release_agent file to root, only root can write to it (or processes that can bypass file permission checks via the CAP_DAC_OVERRIDE capability). As such, the vulnerability only allows root processes to escalate privileges.” continues the analysis. “At first glance, a privilege escalation vulnerability that can only be exploited by the root user may seem bizarre. Running as root doesn’t necessarily mean full control over the machine: There’s a gray area between the root user and full privileges that includes capabilities, namespaces, and containers. In these scenarios where a root process doesn’t have full control over the machine, CVE-2022-0492 becomes a serious vulnerability.”

Users are recommended to apply the security fixes as soon as possible. Containers running AppArmor or SELinux security systems are not impacted.

Linux® Hardening in Hostile Networks

Tags: container escape, CVE-2022-0492


Feb 20 2022

New Book: Advanced Security Testing with Kali Linux!

Category: Information Security,Linux SecurityDISC @ 11:40 pm

In Advanced Security Testing with Kali Linux you will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) Frameworks
  • Indepth Network Scanning
  • Web App Pentesting
  • Advanced Techniques like “Living off the Land”
  • AV Bypass Tools
  • Using IoT Devices in Security
  • and much, much more!!

Learning attacker Tactics, Techniques and Procedures (TTPs) are imperative in defending modern networks. This hands on guide will help guide you through these with step by step tutorials using numerous pictures for clarity.

Want to step your security game up to the next level? Check out “Advanced Security Testing with Kali Linux”.

Tags: Kali Linux, Security testing


Next Page »