Unanswered Questions

220 questions with no upvoted or accepted answers
10 votes
0 answers
448 views

Authentication using SysRq

The general idea here is the feasibility of adding Windows UAC-like "consent prompts" to a Linux system, designed in such a way that they cannot be bypassed in software. Giving consent should ...
5 votes
0 answers
599 views

How did ntpd get patched to prevent NTP time synchronization attacks?

I recently tested the NTP Time Synchronization Attack as described and demonstrated by Jose Selvi in 2015. Basically, the attack was mostly used to send the victim's clock into the future, so the ...
5 votes
1 answer
9k views

Error Running command shell :TimeoutError Operation Time out

I am testing a payload linux/x86/meterpreter/reverse_tcp in my test Linux network to exploit. I got a Meterpreter session by Metasploit using it. I tried several commands like getuid, cat and all ...
5 votes
1 answer
342 views

reading a file with other read permissions set

For this question assume a file with 604 perms in a directory with 700 permissions. Assume this file exists: /test/file. A non-root user can technically read that file but in practice to read it the ...
4 votes
0 answers
124 views

Is it possible to know when my TPM was last used to decrypt my disk?

I use Linux on my laptop and I do Full Disk Encryption with the LUKS keys enrolled into TPM2 against proper PCRs to make sure firmware, UEFI and Secure Boot setup are in a known-good state. ...
4 votes
0 answers
463 views

How to securely delete a file after it was insecurely deleted (in linux)

How can I securely delete/shred a file after I accidentally deleted the file insecurely? Let's say I have Debian Linux installed on a laptop with a 1000T spinning hard disk (so putting aside wear ...
4 votes
2 answers
890 views

Malware techniques via Linux Chrome and its effects, non-root

Is it possible to visit a website with Chrome on Ubuntu and have that site execute shell code on my machine without explicitly downloading anything nor click on some Chrome execute question/popup? If ...
4 votes
0 answers
156 views

Can I detect unique identifiers from random radio chatter?

I am trying to find out if I can uniquely identify smartphones (I would like to find constant identifiers such as IMEI) by passively sniffing the cellular data frequencies. I know that sensitive data ...
4 votes
0 answers
837 views

Practicing with return-2-libc exploits

I am trying to reproduce a return-to-libc for a simple vulnerable program. The tutorial is taken from https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-chained-return-to-libc/ I made ...
4 votes
0 answers
207 views

Address of environment variable different for each directory

I'm writing a return-to-libc attack for a school project. My script retrieves the system(), exit() and shell addresses as follows (it's a sh script that calls some c programs): Create the environment ...
4 votes
1 answer
5k views

Linux antivirus and files bigger than 4GB

I wish to scan files that are bigger than 4GB, such as video files. I noticed many antivirus programs are limited to a maximum of 4GB (ClamAV for example). So: Is there an antivirus software that ...
3 votes
1 answer
307 views

How to check if a PCI device is trusted or untrusted by the Linux kernel (for IOMMU)?

I am looking into the protection provided by IOMMU against DMA attacks. I noticed that the Linux kernel provides a feature called bounce buffers for untrusted PCI devices (https://lwn.net/Articles/...
3 votes
0 answers
732 views

Secure boot + full disk encryption, should I sign the kernel?

I'm redoing my laptop installation from scratch, and this time I want a full secure boot chain. Here's what I did so far: Enroll my own keys in the UEFI firmware Sign my grub bootloader Full disk ...
3 votes
0 answers
4k views

When using VirtualBox, is it better to use the VirtualBox encryption or the OS disk encryption?

VirtualBox has an option to encrypt the drive of a VM. When I installed Debian or Ubuntu, I have the option to say that I want the full disk encrypted. I'm thinking that both do pretty much the same ...
3 votes
0 answers
361 views

How to prevent grub.cfg from breaking the chain of trust?

First some definitions and common understanding. The premise of secure boot is that each binary gets verified before it is loaded. This starts with the firmware in ROM verifying the EFI application. ...
