<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Linux Security</title><link>/tags/security/</link><description>Recent content in Security on Linux Security</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 28 Jan 2025 00:00:00 +0000</lastBuildDate><atom:link href="/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Penetration Testing Tools</title><link>/post/pentest/</link><pubDate>Tue, 28 Jan 2025 00:00:00 +0000</pubDate><guid>/post/pentest/</guid><description>Penetration testing (pentesting) is an essential process for identifying and addressing vulnerabilities within web applications. It involves simulating cyberattacks to assess the security of systems, networks, and applications, ultimately revealing areas of weakness that could be exploited by malicious actors. Web applications, being a major point of interaction for many businesses, are a prime target for cyberattacks. Therefore, ensuring that these applications are robust against common threats is critical.
There are a variety of tools available to pentesters to help automate and streamline the process of identifying vulnerabilities in web applications.</description></item><item><title>Kali Linux</title><link>/post/kali/</link><pubDate>Thu, 23 Jan 2025 00:00:00 +0000</pubDate><guid>/post/kali/</guid><description>Kali Linux is a specialized Linux distribution designed for penetration testing, security research, computer forensics, and reverse engineering. Developed and maintained by Offensive Security, Kali Linux has become a go-to platform for ethical hackers and security professionals worldwide. It comes preloaded with a vast array of tools tailored to meet the diverse needs of the cybersecurity domain.
Features and Highlights Kali Linux stands out from other distributions due to its unique features:</description></item><item><title>Wireshark</title><link>/post/wireshark/</link><pubDate>Thu, 23 Jan 2025 00:00:00 +0000</pubDate><guid>/post/wireshark/</guid><description>Wireshark is a powerful open-source network protocol analyzer widely used for network troubleshooting, analysis, software development, and education. As one of the most trusted tools in the networking world, Wireshark provides unparalleled visibility into live and recorded network traffic, making it a cornerstone for IT professionals and cybersecurity experts.
Key Features of Wireshark Deep Packet Inspection Wireshark captures and inspects packets in real time, offering detailed insights into network traffic. With support for hundreds of protocols, it decodes and displays protocol-specific data in an easy-to-read format.</description></item><item><title>Application-Level Firewalls</title><link>/post/firewalls/</link><pubDate>Wed, 22 Jan 2025 00:00:00 +0000</pubDate><guid>/post/firewalls/</guid><description>In the world of network security, firewalls play a critical role in protecting systems from unauthorized access and malicious traffic. They are a fundamental component of any secure network infrastructure. However, not all firewalls are created equal, and understanding the differences between application-level firewalls and IP-level firewalls is crucial for building an effective defense strategy.
In this post, we’ll explore the key distinctions between these two types of firewalls, with a particular focus on the advantages of application-level firewalls.</description></item><item><title>AppArmor</title><link>/post/apparmor/</link><pubDate>Sat, 18 Jan 2025 00:00:00 +0000</pubDate><guid>/post/apparmor/</guid><description>AppArmor (Application Armor) is a Linux Security Module (LSM) that provides a practical, easy-to-use Mandatory Access Control (MAC) framework for restricting the capabilities of applications. Unlike SELinux, which relies on complex policies, AppArmor simplifies security by using profile-based access control.
Key Features Profile-Based Access Control: AppArmor restricts application behavior based on predefined profiles. Path-Based Security Policies: Unlike SELinux, which uses labels, AppArmor policies are based on file paths. Learning Mode: Allows administrators to create security profiles by observing application behavior.</description></item><item><title>Landlock</title><link>/post/landlock/</link><pubDate>Tue, 14 Jan 2025 00:00:00 +0000</pubDate><guid>/post/landlock/</guid><description>Landlock is a Linux Security Module (LSM) that provides a flexible, unprivileged sandboxing mechanism for applications. Unlike traditional LSMs such as SELinux and AppArmor, which enforce mandatory access control policies set by system administrators, Landlock allows applications to define their own security restrictions. This makes it a powerful tool for developers seeking to add additional security layers without requiring elevated privileges.
Key Features Unprivileged Sandboxing: Landlock enables applications to apply security restrictions without requiring root access or administrative intervention.</description></item><item><title>WPScan</title><link>/post/wpscan/</link><pubDate>Sun, 12 Jan 2025 00:00:00 +0000</pubDate><guid>/post/wpscan/</guid><description>WordPress is the backbone of nearly half the websites on the internet, making it a high-value target for attackers. WPScan is a specialized tool designed to help secure WordPress installations by identifying vulnerabilities, misconfigurations, and weak points in their setup. Developed for ethical hackers, administrators, and security professionals, WPScan is an essential tool for maintaining a secure WordPress environment.
Learn more about WPScan on its official website, including its latest features and comprehensive documentation.</description></item><item><title>Linux Security Modules</title><link>/post/lsm/</link><pubDate>Sat, 04 Jan 2025 00:00:00 +0000</pubDate><guid>/post/lsm/</guid><description>Linux Security Modules (LSM) Linux Security Modules (LSM) is a framework that allows different security models to be implemented as kernel modules. It provides the necessary hooks within the Linux kernel for implementing access control mechanisms beyond the traditional Unix permissions model. Several LSMs are available, each with different use cases and security policies.
SELinux Security-Enhanced Linux (SELinux) is one of the most well-known Linux Security Modules. Developed by the NSA, SELinux enforces Mandatory Access Control (MAC) policies, restricting processes and users based on predefined security policies.</description></item><item><title>Tor</title><link>/post/tor/</link><pubDate>Mon, 23 Dec 2024 00:00:00 +0000</pubDate><guid>/post/tor/</guid><description>Tor, short for The Onion Router, is free and open-source software designed to provide anonymous communication and protect users’ online privacy. By encrypting internet traffic and routing it through a global network of volunteer-operated servers, Tor conceals users&amp;rsquo; identities and prevents tracking. This makes it a critical tool for privacy-conscious individuals, journalists, and human rights advocates.
Learn more about Tor on the official website.
How Does Tor Work? Tor leverages a unique technique known as onion routing to anonymize internet traffic.</description></item><item><title>Cowrie</title><link>/post/cowrie/</link><pubDate>Wed, 23 Oct 2024 00:00:00 +0000</pubDate><guid>/post/cowrie/</guid><description>Cowrie is an open-source SSH and Telnet honeypot designed to mimic a vulnerable system and log attacker activities. Originally based on Kippo, Cowrie has evolved into a robust tool for cybersecurity research and monitoring. It allows organizations to collect valuable data on malicious activities, helping them strengthen their defenses against real-world threats. You can learn more about Cowrie and contribute to its development on its GitHub page.
Key Features of Cowrie Emulation of SSH and Telnet Services Cowrie emulates SSH and Telnet protocols, attracting attackers attempting to gain unauthorized access.</description></item><item><title>Honeypots</title><link>/post/honeypots/</link><pubDate>Fri, 23 Aug 2024 00:00:00 +0000</pubDate><guid>/post/honeypots/</guid><description>Honeypots in Computer Security Honeypots are important tools in computer security that can help organizations detect and respond to attacks. A honeypot is a system or network that is designed to look like a real target, but is actually used to monitor and analyze attacks. Honeypots can be used to gain insight into attackers&amp;rsquo; tactics, techniques, and procedures, and can help organizations improve their security posture.
Detection of Attacks One of the key benefits of honeypots is that they allow organizations to detect attacks that might otherwise go unnoticed.</description></item><item><title>Nmap</title><link>/post/nmap/</link><pubDate>Wed, 21 Aug 2024 00:00:00 +0000</pubDate><guid>/post/nmap/</guid><description>Nmap, short for Network Mapper, is a powerful open-source tool designed for network discovery and security auditing. Originally created by Gordon Lyon (Fyodor), Nmap has become an indispensable resource for security professionals, system administrators, and network engineers. Its ability to map networks, identify hosts and services, and detect vulnerabilities has earned it a place in the toolkit of anyone concerned with cybersecurity.
Key Features of Nmap Network Discovery Nmap excels at network discovery, allowing users to identify devices and services running on a network.</description></item><item><title>Nuclei</title><link>/post/nuclei/</link><pubDate>Sat, 17 Aug 2024 00:00:00 +0000</pubDate><guid>/post/nuclei/</guid><description>Nuclei is an innovative vulnerability scanner that has rapidly gained popularity in the cybersecurity world. Designed with speed, scalability, and flexibility in mind, it enables users to scan vast numbers of targets efficiently using customizable templates.
Discover more about Nuclei on its GitHub repository, which hosts detailed documentation and the latest updates.
Key Features Template-Based Scanning At the heart of Nuclei is its YAML-based template system. Templates define specific vulnerability checks, making it easy to share and reuse configurations.</description></item><item><title>OpenCanary</title><link>/post/opencanary/</link><pubDate>Tue, 23 Apr 2024 00:00:00 +0000</pubDate><guid>/post/opencanary/</guid><description>OpenCanary is a versatile, open-source network honeypot designed to detect malicious activity within networks. Created by Thinkst, it emulates various services to attract potential attackers and logs their activities, helping organizations identify and respond to threats in real-time. OpenCanary is lightweight, configurable, and an essential tool for security professionals aiming to enhance their network defenses.
Key Features of OpenCanary Multi-Protocol Support OpenCanary supports a wide range of protocols, including but not limited to:</description></item><item><title>Linux Security</title><link>/post/linux-security/</link><pubDate>Sat, 25 Mar 2023 00:00:00 +0000</pubDate><guid>/post/linux-security/</guid><description>Introduction As a widely used operating system, Linux is often targeted by hackers and malicious actors. Therefore, it is crucial to harden Linux to make it more secure. Hardening Linux involves taking a series of measures to minimize vulnerabilities, prevent attacks, and mitigate the impact of successful attacks. By implementing these measures, Linux administrators can reduce the risk of data breaches, system disruptions, and other security incidents.
Securing the Linux Kernel The Linux kernel is the core of the operating system, and securing it is essential for overall system security.</description></item><item><title>Seccomp</title><link>/post/seccomp/</link><pubDate>Sat, 25 Mar 2023 00:00:00 +0000</pubDate><guid>/post/seccomp/</guid><description>Introduction: Understanding Seccomp Seccomp is a Linux kernel feature that enables administrators to restrict the actions that a process can perform, thus providing an additional layer of security. It stands for &amp;ldquo;secure computing mode&amp;rdquo; and was first introduced in the 2.6.12 kernel. Seccomp is a powerful tool for enhancing the security of a Linux system, as it helps to mitigate the risks of exploitation from untrusted code and malware.
How Seccomp Works Seccomp works by limiting the system calls that a process can make.</description></item><item><title>VMs and SELinux</title><link>/post/libvirt-selinux/</link><pubDate>Sat, 25 Mar 2023 00:00:00 +0000</pubDate><guid>/post/libvirt-selinux/</guid><description>Introduction Libvirt is an open-source tool used for managing virtual machines on Linux systems. One of the challenges with virtualization is ensuring that the host system and virtual machines are secure. SELinux, or Security-Enhanced Linux, is a security module that can be used to add an additional layer of security to both the host system and virtual machines. In this article, we will explore how SELinux can be used to protect the host and virtual machines.</description></item><item><title>Rootkits on Linux</title><link>/post/rootkits-linux/</link><pubDate>Thu, 23 Mar 2023 00:00:00 +0000</pubDate><guid>/post/rootkits-linux/</guid><description>Rootkits on Linux: A Threat to System Security A rootkit is a type of malicious software that allows an attacker to gain privileged access to a computer system. This access can be used to steal sensitive information, install additional malware, or carry out other malicious activities. Rootkits on Linux can be particularly dangerous, as they can go undetected for long periods of time and allow an attacker to gain complete control over the system.</description></item><item><title>SCAP</title><link>/post/scap/</link><pubDate>Thu, 23 Mar 2023 00:00:00 +0000</pubDate><guid>/post/scap/</guid><description>SCAP and OpenSCAP: Enhancing Computer Security The Security Content Automation Protocol (SCAP) is a suite of standards designed to help organizations manage their computer security vulnerabilities. It provides a standardized method for identifying, measuring, and evaluating security risks across an organization&amp;rsquo;s infrastructure. 
OpenSCAP is an open-source implementation of SCAP that provides a set of tools and libraries for integrating SCAP into an organization&amp;rsquo;s security management framework.
SCAP Standards: Identifying and Measuring Security Risks The SCAP suite includes several standards for identifying and measuring security risks, including the Common Vulnerabilities and Exposures (CVE) dictionary, the Common Configuration Enumeration (CCE) standard, and the Common Platform Enumeration (CPE) standard.</description></item></channel></rss>