strace, nethogs, sysdig, eBPF and malware analysis tools (any.run, Cuckoo Sandbox cuckoo.cert.ee/ )
To debug a fuzzer (or anything really), I use this magical strace command:
strace -tt -yy -y -f -e trace=open,read,write,pipe,socket,dup2,clone,close -s 10000 -o /tmp/strace.log ./tool
-tt enables microsecond timestamps
-yy prints additional information about each file descriptor (files, sockets, etc.)
-f follows forks (get all info about subprocesses, threads, etc.)
-e trace= traces only the specific syscalls we are interested in
-s increases the max size of logged strings
-o writes everything to /tmp/strace.log
Then I can look at the log in vim or VS Code, both with syntax highlighting (in vim you may need to :set filetype=strace).
As an additional weapon, I add -k, which dumps a stack trace at every syscall. Super slow, but super useful.
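As an added example (not part of the original post), here is a small POSIX shell script that summarises an strace log of this shape offline: which files each PID opened, which calls failed and with what errno, which clone() calls spawned which children, and which PIDs created sockets. The log lines are constructed to mimic strace -f -tt -yy -o output, not captured from a real run; the paths and PIDs are illustrative. One caveat worth knowing when reusing the command above: on current glibc, open() is serviced by the openat() syscall, so -e trace=open alone misses most file opens; add openat to the list or use strace's %file syscall class.

```shell
#!/bin/sh
# Added example: summarising an strace -f -tt -yy -o log without re-running the target.
# With -f and -o, every line is "<pid> <time> <syscall>(<args>) = <ret><fd annotation>".
# The log below is CONSTRUCTED for illustration; it is not real captured output.

STRACE_LOG="${TMPDIR:-/tmp}/strace-example.log"
cat > "$STRACE_LOG" <<'EOF'
4242 10:00:00.000100 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3</etc/ld.so.cache>
4242 10:00:00.000250 close(3</etc/ld.so.cache>) = 0
4242 10:00:00.001000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f0) = 4243
4243 10:00:00.001500 openat(AT_FDCWD, "/nonexistent/config.yaml", O_RDONLY) = -1 ENOENT (No such file or directory)
4243 10:00:00.002000 openat(AT_FDCWD, "/tmp/fuzz/input-0001", O_RDONLY) = 3</tmp/fuzz/input-0001>
4243 10:00:00.002500 read(3</tmp/fuzz/input-0001>, "AAAA", 4) = 4
4243 10:00:00.003000 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4<TCP:[12345]>
4243 10:00:00.003500 +++ exited with 0 +++
4242 10:00:00.004000 +++ exited with 0 +++
EOF

# Files a given PID opened successfully: take the -yy path annotation after "= <fd><".
# $1 = log file, $2 = pid
opened_files() {
  awk -v pid="$2" '$1 == pid && $3 ~ /^openat?\(/ && $0 ~ /= [0-9]+</ {
      sub(/.*= [0-9]+</, ""); sub(/>$/, ""); print }' "$1"
}

# Failed syscalls ("= -1 ERRNO (...)"): prints "pid syscall errno".
# $1 = log file
failed_calls() {
  awk '/ = -1 [A-Z]+ / {
      split($3, s, "(");
      match($0, /= -1 [A-Z]+/);
      print $1, s[1], substr($0, RSTART + 5, RLENGTH - 5) }' "$1"
}

# Process tree edges from clone()/clone3() return values: "parent -> child".
# $1 = log file
child_pids() {
  awk '$3 ~ /^clone3?\(/ && $NF ~ /^[0-9]+$/ { print $1 " -> " $NF }' "$1"
}

# PIDs that created at least one socket (useful to spot unexpected network use).
# $1 = log file
network_pids() {
  awk '$3 ~ /^socket\(/ { print $1 }' "$1" | sort -u
}

# Stand-alone report when run as a script.
echo "== children =="; child_pids "$STRACE_LOG"
echo "== failed calls =="; failed_calls "$STRACE_LOG"
echo "== files opened by 4243 =="; opened_files "$STRACE_LOG" 4243
echo "== pids creating sockets =="; network_pids "$STRACE_LOG"
```

Each function is a one-pass awk filter over the log, so the same helpers work on a multi-gigabyte trace; pipe them through sort -u or wc -l as needed.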
The Linux kernel has always had kernel tracing capabilities such as kprobes (2.6.9), ftrace (2.6.27 and later), perf (2.6.31), or uprobes (3.5), but with BPF it is finally possible to run kernel-level programs on events and consequently modify the state of the system, without needing to write a kernel module.
Parrot Security Edition is a special-purpose operating system designed for penetration testing and red team operations. It contains a full arsenal of ready-to-use pentesting tools.
This tutorial describes what Apt-offline is and how to fully update and upgrade offline Debian systems with the Apt-offline application.
I think it’s only fair to call me an X apologist. I get incredibly frustrated when people talk about dropping support for X11. I fight back against the notion that some day X11 will be dead and unmaintained, a curiosity of a time before. I’ve spoken to people in my circles at length about the accessibility tools that Wayland simply hasn’t been capable of supporting that X11 has. A lot of times, I’ve ended this conversation with “Maybe 5 years from now it’ll be good”. Well, it’s 5 years since I first said those words, and you know what, I’m actually pleasantly surprised.
Makes a noise through the speaker for every packet sent to Google
Uses libpcaudio-dev, and tcpdump to capture the packets bound for Google servers
Seen here https://twitter.com/bert_hu_bert/status/1561466204602220544
A little bit about a linux kernel. Contribute to 0xAX/linux-insides development by creating an account on GitHub.
A list of new(ish) command line tools
Very lightweight distribution for the Raspberry Pi, or for old, low-powered machines.
See also this page https://sebsauvage.net/wiki/doku.php?id=raspi3:dietpi
Running Android in a container on Linux
Via this thread; see the alternative at https://twitter.com/nixcraft/status/1440761467309989895
Minimal Linux distro, based on Devuan ASCII
32-bit, 512 MB of RAM, but still 16 GB of disk
Smaller still, PsychOS486, based on Slacko Puppy
32 MB (console), 64 MB (desktop) minimum
And also PsychDOS, a DOS desktop :-)
ici: https://github.com/ibraheemdev/modern-unix
via https://sebsauvage.net/links/?2ObGig
A collection of command-line tools for Linux to replace (in a more modern, practical and elegant way) our ancient cat, ls, diff, du, find, grep, etc. commands.