Ahmad Mahfouz

Random notes

Category: Security

IDA Debugger: you don’t have the necessary privileges.

during reverse engineering session, I encountered error from IDA saying “The debugger could not attach to the selected process. This can perhaps indicate the process was just terminated, or that you don’t have the necessary privileges.” I was debugging a 64-bit console application under WinDBG, and I did start IDA as Administrator, but it still

GDB hook .gdbinit

GDB hook that helps without third-party apps

audit keystrokes with pam

The pam_tty_audit PAM module is used to enable or disable TTY auditing. By default, the kernel does not audit input on any TTY this module is part of auditd and it takes  3 parameters 1 – disable  is a pattern to disable the module in specified users u can use =* to disable it globally

Protect Boot & Single user mode

as a physical security is the main factor in our security perspective we all need to protect unauthorised access to our Linux box after we protect bios and we all know that anyone can rest the root password via accessing the single mode so we have 3 ways 1st thing to disable single user mode entirely

Secure/Lock accounts with PAM tally2

pam_tally2 is a PAM module to allow interaction in users interfaces on numbers of failed login attempt it can reset count on success, can deny access if too many attempts fail. this module is unique because it  not just reflect remote connection but also reflect the ttys and any system login method as it uses PAM example

password policy with pam_cracklib

cracklib pam module is a method to check the password against dictionary list and gives you availability to check the strength of the password and set rules to identify the poor passwords   here is the most important parameters for this module  minlen minimal password length dcredit maximum number of digits ucredit maximum uppercase letters

Pluggable Authentication Modules

Linux comes with Pam Modules to help you to interact with the running services in hardening way and custom the security of the service as you need. PAM is extra Rules to Control user interfaces ( Auth, Account, Session)  layers for the applications the applications/services should be compiled with libpam.so here is an example for

AIDE : Intrusion Detection Environment

this article about Intrusion Detection for file system changes like modification changing owner extra, for critical files or directories in our environment we using a software called AIDE Advanced Intrusion Detections Environment this software base on a library called mhash this lib used to calculate file hashes and AIDE save the file info inside DB

Google Drive Information Leak

Google Drive & Gmail attachments Leak This part of Google bounty program [IDOR] exploit to allow the attacker to leak your Google Drive files and this mean attacker could leak Gmail attachments that uploaded to Google Drive, Photos you shared with Gmail or any other third party

removable disk could lead to privilege escalation

privilege escalation Linux with flash disk removable media with setUID, setGID files could give privilege escalation example copy nice command to ur flash storage and ask ur friend to print files in his system then run the command nice like

it will say root the problem occurs from a mounted partition without noexec,nosuid parameter