MalwareLab
malwarelab@malwarelab.eu
npub1ksxp...07l5
Malware Analysis, DFIR, Computer Forensics, Incident Response, ThreatIntel, OSINT, CyberSecurity, Education. EN/SK content. Opinions are my own.
MalwareLab 2 years ago
#SSH keys with #Yubikey are a very convenient and secure way to log in. And you can have as many SSH keys as you want (*) protected with a single Yubikey or other #FIDO2 authenticator.

(*) I mean standard (non-resident) ed25519-sk and ecdsa-sk public/private keys. There is also an option to generate a resident key, where the credential id file is stored in the Yubikey and not on your computer. But this is kind of the equivalent of storing the file with your credential id on a USB flash drive and keeping it together with the Yubikey. The resident keys can be extracted from the Yubikey.

And yes, I write credential id file instead of private key, because the generated file with the private key is not the true private key. Instead, it is a kind of seed/key handle, and the true secret is stored in the Yubikey and cannot be extracted.

* Non-resident keys are ideal for systems where #privacy is important if the YubiKey is lost or stolen.
* Resident keys are ideal for ease of access where the FIDO2 PIN is known.

More info:

#cryptography #authentication #fido2 #webauthn #2FA #MFA
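Added example, not part of the post above: a small Python parser for an unencrypted OpenSSH sk private key file, showing that the "private" section carries only the public key, the application string, a flags byte and an opaque key handle (the layout follows OpenSSH's PROTOCOL.u2f). The key file it parses is constructed inline with dummy values, and passphrase-protected files are rejected rather than decrypted.

```python
import base64
import struct


def _s(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_s(buf: bytes, off: int):
    """Decode an SSH 'string' at buf[off], returning (value, next_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_sk_private_key(pem: str) -> dict:
    """Parse an unencrypted openssh-key-v1 file holding one sk-ssh-ed25519 key."""
    body = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    raw = base64.b64decode(body)
    assert raw.startswith(b"openssh-key-v1\0"), "not an openssh-key-v1 file"
    off = len(b"openssh-key-v1\0")
    cipher, off = _read_s(raw, off)
    kdf, off = _read_s(raw, off)
    _kdfopts, off = _read_s(raw, off)
    if cipher != b"none" or kdf != b"none":
        raise ValueError("passphrase-protected file; decrypt it before parsing")
    off += 4                                  # uint32 number of keys (1 here)
    _pub_blob, off = _read_s(raw, off)        # public key blob, not needed here
    priv, off = _read_s(raw, off)             # private section (plaintext here)
    p = 8                                     # skip the two checkint values
    ktype, p = _read_s(priv, p)
    pubkey, p = _read_s(priv, p)
    application, p = _read_s(priv, p)
    flags, p = priv[p], p + 1                 # 0x01 = user presence required
    key_handle, p = _read_s(priv, p)          # opaque handle; only the token can use it
    _reserved, p = _read_s(priv, p)
    comment, p = _read_s(priv, p)
    return {"type": ktype.decode(), "pubkey_len": len(pubkey),
            "application": application.decode(), "flags": flags,
            "key_handle_len": len(key_handle), "comment": comment.decode()}


def build_sample_key_file() -> str:
    """Constructed sample file: all-zero public key and a dummy key handle."""
    ktype, app = b"sk-ssh-ed25519@openssh.com", b"ssh:"
    pubkey, handle = bytes(32), bytes(range(64))
    priv = (struct.pack(">II", 0x1234, 0x1234) + _s(ktype) + _s(pubkey) + _s(app)
            + bytes([0x01]) + _s(handle) + _s(b"") + _s(b"user@host"))
    priv += bytes(range(1, 9 - len(priv) % 8)) if len(priv) % 8 else b""  # pad 1,2,3..
    raw = (b"openssh-key-v1\0" + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
           + _s(_s(ktype) + _s(pubkey) + _s(app)) + _s(priv))
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Running the parser on a real unencrypted ed25519-sk file gives the same field set: there is no 32-byte Ed25519 seed anywhere in it, only the handle the token needs to recreate its internal key.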
MalwareLab 2 years ago
This clearly demonstrates the meaning of real ownership of our accounts and the difference between #Nostr and #Mastodon. Do you have a private key for your account? Are you the only one who owns the key? Then the account is yours. Otherwise it can belong to someone else - this is the case with Mastodon and other social media accounts. If you have only the username/password, then the service provider is the person who can publish content on your behalf, or do whatever they want with your account. They are also responsible for protecting your identity. But do they do their best to protect you? Can you trust them? Similarities with custodial and non-custodial #wallets are not accidental. #privacy #socialmedia #ownership #crypto #keys
MalwareLab 2 years ago
Critical #vulnerability in #Mastodon. Attackers can impersonate and take over any remote account. Users cannot do anything; this issue must be solved by admins of Mastodon instances. And they should update their instances as soon as possible: on 2024-02-15 more details about the vulnerability will be published. However, this announcement means that attackers will focus their research on origin validation in Mastodon. So, we can expect exploitation attempts soon. And in two weeks, provided with details from the updated announcement, it will be very easy to come up with an exploit, as the announcement said.
MalwareLab 2 years ago
Any.Run now supports the #Ubuntu operating system for behavioral analysis of #Linux samples. #AnyRun is a very useful #malware analysis #sandbox; you can interact with the virtual machine through your browser. It provides good visibility of process, file and network events. The sandbox utilizes various signatures and rules for detection of suspicious activity. It can extract configs of several malware families. Thanks to built-in #ChatGPT support it produces a human-readable malware analysis report of Windows samples suitable for less experienced analysts.
MalwareLab 2 years ago
Recent privilege escalation vulnerabilities in the GNU C Library #glibc, widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others. CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using a long program name or ident parameter in openlog(). Another vulnerability is in the #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - it has been there since 1992 until now.

Reference:

This is just another reason to consider using a Linux distribution without glibc, for example #Alpine Linux with #musl
MalwareLab 2 years ago
Hello #nostr. Time for a short #introduction of myself. I am a #cybersecurity analyst with a passion for #malwareanalysis, #dfir, #threathunting, #threatintel and other #blueteam stuff. From time to time I would like to share some ideas, thoughts, tips & tricks and participate in discussions.