Changes with .dev
domains in
mind.
Create /etc/pf.anchors/dev
, containing:
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |
curl -s https://api.github.com/orgs/twitter/repos?per_page=200 | ruby -rubygems -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}' |
Changes with .dev
domains in
mind.
Create /etc/pf.anchors/dev
, containing:
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
/* http://redd.it/2z68di */ | |
#define _BSD_SOURCE // MAP_ANONYMOUS | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <stdint.h> | |
#include <string.h> | |
#include <sys/mman.h> | |
#define PAGE_SIZE 4096 |
/* | |
-------- dllinjshim.cpp -------- | |
> cl /Fe:dllinjshim.exe dllinjshim.cpp | |
> dllinjshim.exe | |
> sdbinst moo.sdb | |
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called | |
in `SdbGetDllPath` which will check the DLL name against the following list: |
var ffi = require('ffi'), | |
ref = require('ref'), | |
Struct = require('ref-struct'), | |
Library = require('./Library'), | |
Type = ref.Type, | |
NULL = ref.NULL, | |
isNull = ref.isNull; | |
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums']; |
This is an overview of the usefulness of PaX/grsecurity features for CopperheadOS especially when taking into account the overlap of the access control features with SELinux and that the Nexus line will be entirely 64-bit ARM. Note that it's missing most of the unnamed features without configuration options tied to them. A grsecurity kernel also comes with lots of security bug fixes backported from master, adapted from lkml submissions that were ignored, etc.
Previously, CopperheadOS used ports of PaX to the 3.4 Android kernels used by the Nexus 5 and Galaxy S4. The plan was to start from there, backporting from the PaX stable patches as needed along with reimplementing the relevant pieces of grsecurity without actually applying an old patch and backporting to it.
This is no longer the case for the published releases now that devices have moved to 64-bit ARM (which is not supported by PaX / grsecurity yet) and both the PaX and grsecurity stable patches have become private. There are still PaX ports for test