All Questions
18 questions
1vote
2answers
129views
Detecting if application connects remotely in linux
Consider me the average Linux user. I know the basics of shell scripting and intermediate Python. However, I have very limited knowledge of system admin or security related matters. Background: Say ...
0votes
0answers
398views
Encoding shellcode to hide in filename / directory
Working on a CTF challenge and the coordinators hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the ...
- 1
1vote
4answers
161views
Authenticating a request from a valid application (unshadowed)
I am working on an application which has an architectural description as below, There is a docker container, lets say Microservice-A, in which multiple processes are running. Each process is ...
1vote
2answers
1kviews
How to secure containerized python source code deployed at client side cloud
How can we secure a source code which is deployed at client side cloud and is difficult to reverse engineer just like a licensed product The major difference is that I have a service to protect and do ...
- 23
2votes
3answers
494views
Would services or whole operating systems written in pure Python/Java be safer?
Many Windows and Linux services are written in C and/or C++. Due to that fact, they can be exploited in several ways due to the lack of memory security (buffer overflow, etc.). Are services written ...
- 127
2votes
2answers
230views
Private way to connect to my SQL Server database
I'm running on linux and I am using a SQL Server database server on some other machine. My python code has to sit in a directory that many other users have read access to. I also have a "...
- 121
3votes
1answer
1kviews
Replace forbidden characters function check python
I have "blackbox" with the following python function code (without permission to change it): def exec_ping(): forbidden = ['&', ';', '-', '`', '||', '|'] command = input('Enter an IP: ') ...
- 133
0votes
1answer
869views
Is it possible to securely run user defined python code in AWS?
I would like to create an app that accepts users python scripts and executes them as part of its functionality. What I am wondering is if its possible to block I/O, network and other attack vectors so ...
- 115
2votes
2answers
3kviews
Linux command to wipe files on an SD Card?
Are there any commands, tools or python libraries to securely wipe specific files from an SD or micro SD card (devices that use flash memory)? For example, with a regular magnetic hard drive, you can ...
0votes
1answer
382views
Best way for a beginner to become involved in cybersecurity? [closed]
So I understand cyber security is a very broad topic but all sections I presume require some base skill. I have a moderate understanding of Python and HTML but all are still very basic. For my Gold D ...
- 216
1vote
1answer
2kviews
Difference between Lynis and Nessus and yet another hardening tool
I am writing an open source python tool aimed at inventoring/auditing and hardening of a system. When I started off with the project, I did some research around it and figured out that there were not ...
- 1,522
4votes
1answer
11kviews
Security implications of using SETCAP CAP_NET_RAW
In order to get around the 'problem' of applications requiring root privileges to run, I'm using: sudo setcap CAP_NET_ADMIN+ep "$(readlink -f /usr/sbin/app)" sudo setcap CAP_NET_RAW+ep "$(readlink -f ...
- 2,607
45votes
1answer
6kviews
I have the ability to run arbitrary Python code on the 'apache' user. What damage can I do?
So, due to bad programming on the part of one of my former colleagues, one of our internal web apps allows the user to upload and run an arbitrary Python file. This recently came to light via an ...
- 481
5votes
1answer
6kviews
What are some vulnerabilities of environment variables (on any platform)?
I am writing a small cross platform Python application (a package manager to be used internally by my corp), and I'm thinking of using something similar to this answer on Stack Overflow to check for ...
- 51
1vote
0answers
2kviews
Converting Metasploit module to standalone Python script [closed]
How easy is to convert Ruby code to Python code and to change Metasploit module into standalone Python script for Linux?
- 119
