OpenBSD
How to Compile OpenVAS on OpenBSD.

The Open Vulnerability Assessment System (OpenVAS) security tool is great! It's a free fork of the Nessus project. It is a network security scanner with a graphical front end, and it applies many thousands of vulnerability tests to machines across a network...

https://cromwell-intl.com/open-source/compiling-openvas-on-openbsd.html

#openvas #security
Block spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!

Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.

https://www.undeadly.org/cgi?action=article;sid=20210119113425

#network #security
OpenBSD Authentication Bypass | HTTP Header Tampering | Kernel OS Local Root Exploit

Summary. User - This machine is running an OpenBSD httpd site which has a login portal with only a sign-in feature working. Upon research, it was found to have a vulnerability that exposes the user’s private key, enabling us to log in using SSH. Root - A local exploit was found for OpenBSD; executing it gave me root!

https://medium.com/bugbountywriteup/htb-openkeys-writeup-531264648200

#security
Enable multi-factor authentication on OpenBSD

In this article I will explain how to add a bit more security to your OpenBSD system by adding a requirement for users logging into the system, locally or by ssh. I will explain how to set up 2-factor authentication (2FA) using TOTP on OpenBSD.

https://dataswamp.org/~solene/2021-02-06-openbsd-2fa.html

#ssh #totp #security
What security does a default OpenBSD installation offer?

In this text I will explain what makes OpenBSD secure by default when you install it. Do not take this for a security analysis, but more like a guide to help you understand what is done by OpenBSD to have a secure environment. The purpose of this text is not to compare OpenBSD to other OSes but to say what you can honestly expect from OpenBSD.

https://dataswamp.org/~solene/2021-02-14-openbsd-default-security.html

#security #system
pftables-rs

A small Rust library for managing pf tables on OpenBSD.

https://github.com/d3npa/pftables-rs

#pf #security #network
OpenBSD TOR Bridge.

TOR and Pluggable Transport installation.

https://community.torproject.org/relay/setup/bridge/openbsd/

#tor #security
Blockor.

Protect BSD Unix computer servers from brute-force attacks. It works on top of the OpenBSD Packet Filter (PF) firewall.

https://github.com/muktadiur/blockor

#security #firewall #pf
Heap Overflow in OpenBSD's slaacd via Router Advertisement

In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.

https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html

#security #network #slaacd