HackerTrans
TopNewTrendsCommentsPastAskShowJobs

anthonyryan1

no profile record

comments

anthonyryan1
·hace 7 meses·discuss
One approach I started using a could of years ago was storing SSH private keys in the TPM, and using it via PKCS11 in SSH agent.

One benefit of Microsoft requiring them for Windows 11 support is that nearly every recent computer has a TPM, either hardware or emulated by the CPU firmware.

It guarantees that the private key can never be exfiltrated or copied. But it doesn't stop malicious software on your machine from doing bad things from your machine.

So I'm not certain how much protection it really offers on this scenario.

Linux example: https://wiki.gentoo.org/wiki/Trusted_Platform_Module/SSH

macOS example (I haven't tested personally): https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb...
anthonyryan1
·hace 7 meses·discuss
Does this board boot Linux via a device tree, or have hardware discovery?

How about UEFI vs arm-specific bootloaders?

I tried arm32 Linux a few years back, and the largest hindrance at the time was the device trees and non-UEFI boot process. Given up on exploring the platform further (except maybe for SBC like raspberry pi) until that situation improves.
anthonyryan1
·hace 12 meses·discuss
Additionally, as long as you don't set strict-order, dnsmasq will automatically use all-servers for retries.

If you were using systemd-resolved however, it retries all servers in the order they were specified, so it's important to interleave upstreams.

Using the servers in the above example, and assuming IPv4 + IPv6:

    1.1.1.1
    2001:4860:4860::8888
    9.9.9.9
    2606:4700:4700::1111
    8.8.8.8
    2620:fe::fe
    1.0.0.1
    2001:4860:4860::8844
    149.112.112.112
    2606:4700:4700::1001
    8.8.4.4
    2620:fe::9
will failover faster and more successfully on systemd-resolved, than if you specify all Cloudflare IPs together, then all Google IPs, etc.

Also note that Quad9 is default filtering on this IP while the other two or not, so you could get intermittent differences in resolution behavior. If this is a problem, don't mix filtered and unfiltered resolvers. You definitely shouldn't mix DNSSEC validatng and not DNSSEC validating resolvers if you care about that (all of the above are DNSSEC validating).
anthonyryan1
·el año pasado·discuss
As the only developer maintaining a big bounty program. I believe they are all trending downward.

I've recently cut bounties to zero for all but the most severe issues, hoping to refocus the program on rewarding interesting findings instead of the low value reports.

So far it's done nothing to improve the situation, because nobody appears to read the rewards information before emailing. I think reading scope/rewards takes too much time per company for these low value reports.

I think that speaks volumes about how much time goes into the actual discoveries.

Open to suggestions to improve the signal to noise ratio from anyone whose made notable improvements to a bug bounty program.
anthonyryan1
·el año pasado·discuss
This is by the author of the very helpful kernel-hardening-checker: https://github.com/a13xp0p0v/kernel-hardening-checker

An interesting tool for analyzing your personal kernel config file and pointing out areas for security improvement. It's more comprehensive than KSPP (https://kspp.github.io/) but sometimes goes a little too far, suggesting disabling kernel features you may actively use.

Definitely worth trying!