PodParley PodParley
PodParley
2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

EPISODE · Feb 11, 2019 · 55 MIN

2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

from BrakeSec Education Podcast

SpecterOps Class:  https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-boston-june-2019-tickets-54970050902     https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ https://www.csoonline.com/article/3338112/security/vendor-allegedly-assaults-security-researcher-who-disclosed-massive-vulnerability.html   Tweet of application teardown: https://twitter.com/duniel_pls/status/1093565709630824448   https://www.zdnet.com/article/linux-kernel-gets-another-option-to-disable-spectre-mitigations/ https://liliputing.com/2019/02/mozillas-project-fission-brings-site-isolation-to-firefox-spectre-and-meltdown-protection.html https://capsule8.com/blog/exploiting-systemd-journald-part-1/   Segue from systemd/journald into: "Super daemon for all daemons"     Replaced things like sysvinit, rc.d, and even inetd Lennart Poettering and Kay Sievers Systemd (PID1)     Configured using only text files         .service         .device         .swap         .timer (.service file of the same time must exist)             'Transient timers can be created'             https://wiki.archlinux.org/index.php/Systemd/Timers /etc/systemd/system/foo.timer [Unit]Description=Run foo weekly and on boot[Timer] OnBootSec=15minOnUnitActiveSec=1w [Install] WantedBy=timers.target Logs are in binary format Cgroups - control groups     Isolates resource usage (CPU, memory, disk I/O, network, etc) of processes     Bound by the same criteria     Used a lot of places (hadoop, k8s, docker, LXC) http://without-systemd.org/wiki/index.php/Arguments_against_systemd https://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks/ https://lwn.net/SubscriberLink/777595/a71362cc65b1c271/ http://0pointer.de/blog/projects/systemd.html https://en.wikipedia.org/wiki/Systemd   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected] #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

NOW PLAYING

2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

0:00 55:23

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

No similar episodes found.

Similar Podcasts

The Odum & Andrea Podcast Odum & Andrea We talk about people that dare to dream and don't live life by the rules. Explicit Real Construction Talk Compass Leadership Real Construction Talk is a podcast for leaders in the construction industry. The truth is that "as the leader goes, so goes the company." RCT's goal is to open dialog about what really happens on the job site and in the office to help owners and leaders grow, deal with hard situations and fix leadership problems. More info on RCT can be found at http://www.realconstructiontalk.com and is powered by Compass Leadership LLC: http://www.compassleadership.coach. Explicit Eavesdrop on Us Jessica Terzakis The honest business podcast YOU NEED IN YOUR LIFE! We talk about what it's really like to be in business: the good, the frustrating, the "am I the only one going through this?!" kind of topics. You're in the right place if you're looking for less "how to's" and more real conversations about what you're going through as an entrepreneur.Come eavesdrop on our conversations-it'll be like joining us at the kitchen table after working a full day in your business. Explicit Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit
URL copied to clipboard!