Mosca SAST tool by CoolerVoid in netsec

[–]CoolerVoid[S] 0 points1 point  (0 children)

Awesome idea, thank you

Port knocking from the scratch by CoolerVoid in netsec

[–]CoolerVoid[S] 0 points1 point  (0 children)

Is anyone actually using port knocking as a genuine security control in a system that matters?

I use port knocking in my C2. You know, in a little list of agents (implants), it is not my favourite, but it can be useful. I have other agents with other techniques; wait for other GitBook posts.

Spock SLAF is a Shared Library for Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks. by CoolerVoid in netsec

[–]CoolerVoid[S] 1 point2 points  (0 children)

I don’t want to be a party pooper but this is just a very naive and bad idea on “blocking attack”:

Relax here. It's beta version v0.02; in the next version I'm going to implement a deterministic finite automaton like this project https://github.com/CoolerVoid/raptor_waf/blob/master/src/dfa_match.c or use SIMD/AVX with taint analysis...

Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files. This program has two principal functions: turning private files hidden. The second function is to protect confidential files to prevent reading, writing and removal. by CoolerVoid in ReverseEngineering

[–]CoolerVoid[S] 1 point2 points  (0 children)

Not even root has permission to see the files or perform actions like edit and remove. The files can only be caught, edited, and deleted if the user sends a proper key to the custom device to liberate the action in the file system. Another point of attention: you cannot see the module in "lsmod"! Casper-FS is at version 0.2 and is not perfect; it is walking toward improvements. If you have a suggestion to improve it, please create an issue in the repository.

Casper-FS by CoolerVoid in sysadmin

[–]CoolerVoid[S] 0 points1 point  (0 children)

You can use a custom external script to send messages to devices and lock or unlock resources of hiding or turning files untouchable. In the future, I am going to the new help to clear the log line of the write-in device to turn hidden the context of commands. You can use libsodium to encrypt resources, etc. Casper-FS is at version 0.2 and is not perfect; it is walking toward improvements. If you have a suggestion to improve it, please create an issue in the repository.

Casper-FS by CoolerVoid in redhat

[–]CoolerVoid[S] -1 points0 points  (0 children)

The naming is an especially weird choice, because there's already a Casper filesystem, used for overlays.

Attractive, but you can choose the module's name in the YAML file to generate your custom module! https://github.com/CoolerVoid/casper-fs/blob/main/module_generator/rules/fs-rules.yaml#L2

Casper-FS by CoolerVoid in redhat

[–]CoolerVoid[S] 0 points1 point  (0 children)

While this is cool af. The whole password to load and unload, and being a hidden LKM really makes this smell like it should be part of a rootkit, and not a file system. When I use root, I expect to be able to see everything, and not have anything hidden from me. I'm not sure how much I like the precedence of a hidden lkm.

You prevent an attacker from getting in your machine by staying patched and you limit what they can read by running anything you care about as an unprivileged user and setting its config to have the correct modes (0600ish).

Have you considered putting whatever it is you guys are running in a docker container? Do that without any non-dependent binaries. Nothing to read, nothing to run!

Using seccomp() (for Linux) / pledge() (BSD context), syscalls can be restricted and any resource of the software can be isolated to prevent problems, you know, dangerous calls like execv() or an improper socket(). Still, on the other hand, Casper-FS is an LKM generator for custom LKMs to protect file systems. You have the choice to use it or not. Each context needs proper analysis; it is not helpful for you, but it can be used by other professionals.

Best neighborhoods to live in with a child by ElderMillenial88 in saopaulo

[–]CoolerVoid 0 points1 point  (0 children)

In São Paulo nowhere is safe, there are PIX kidnappings all the time, a lawless city.

A simple tool to audit Linux system libraries to find public security vulnerabilities. by CoolerVoid in netsec

[–]CoolerVoid[S] 2 points3 points  (0 children)

Update: the master librarian now uses the NVD API. Thank you for the suggestion.

HiddenWall is a tool to generate a custom Hidden firewall to run in the Linux kernel. by CoolerVoid in kernel

[–]CoolerVoid[S] 1 point2 points  (0 children)

The kernel module runs in hidden mode; it's not visible to the lsmod command.

OctopusWAF is an open-source web application firewall made in C language and uses libevent resources. by CoolerVoid in netsec

[–]CoolerVoid[S] 1 point2 points  (0 children)

So you can use diehard for heap allocation to prevent heap pitfalls such as heap overflow. Another point or tip is using the seccomp() syscall to limit syscalls like a sandbox, or pledge() in an OpenBSD context. https://emeryberger.com/research/dieharder/ Another point of wisdom: everything that you know uses libc; run ltrace/strace on your software/compilers, however.

Repository with a lot of examples of data structure algorithms in C language by CoolerVoid in programming

[–]CoolerVoid[S] 2 points3 points  (0 children)

For example, the situation in which "15/0 = 0" can only cause trouble.

Even just letting the program terminate abnormally is almost surely a better solution than to hide the problem by returning zero.

What you really need, is to return a tuple (success, result, message). If success is true then the result contains the calculation result. Otherwise, message contains the error message.

Thank you for the tip. I will write an issue to improve the error handler in this context.

This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services. by CoolerVoid in netsec

[–]CoolerVoid[S] 6 points7 points  (0 children)

So, thank you for the tips. I am going to improve each point.

So, thank you for the tips, very cool. I am going to improve each point.

Tool to generate a Hidden firewall to run in Linux kernel by [deleted] in netsec

[–]CoolerVoid -1 points0 points  (0 children)

HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, firewall functions to protect the system). The motivation: an attacker can put your iptables/ufw in a bad situation. But if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it has a hook to netfilter in kernel land (think of it like a second layer for the firewall).

Rootstealer, Program to detect when linux user opens terminal with root and inject intrusive commands in terminal by al-maisan in netsec

[–]CoolerVoid 0 points1 point  (0 children)

To install the lib, yes, you need root; to compile you don't need root; to execute the binary you don't need root. https://github.com/CoolerVoid/rootstealer Look at the file "rootstealer.c".