auditd: an awesome tool for auditing

Hello Debian-Users, what's going on?

Today we will talk about the Linux Auditing System, or auditd, a powerful tool for auditing Linux servers. I will show a flowchart that explains how it works and how it interacts with the kernel, applications and syscalls, along with its overall behavior:

How does it work behind the scenes?

The auditd daemon scenario and how it works. Flowchart credit: linuxfirewall.com.br


Vulnerability – Exim Exploit – ShellBot RK/CVE-2019-10149

Hey debian-pb users, today I will share with you some knowledge about the Exim vulnerability that affects versions 4.87 through 4.91 (CVE-2019-10149, remote command execution). Mass compromises have been known since June 13, according to what @0xAmit, a security researcher, said on Twitter, and I started to dig a bit deeper into this in my own audit/investigation. So I had the idea to describe here the steps I took in my investigation. Everything happens through the vulnerability and with the help of the ShellBot rootkit in the file /lib/libgrubd.so (a camouflaged library binary), which is implemented by a bash/python script called with nohup through the Exim vulnerability (remote command execution). This is an executable/binary that is executed/loaded by all binaries,