Fri 28 Apr 2017 09:36:02 AM -03

Research and development in security:

  • Creepy - Geolocation OSINT Tool (package).
  • Qubes OS:
  • bitmask and LEAP.
  • port knocking.
  • hardened systems: apparmor, gradm2, firejail, seccomp, etc.
  • sshd:
    • https://stribika.github.io/2015/01/04/secure-secure-shell.html
    • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
    • http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh
    • https://charlieharvey.org.uk/page/ssh_port_pros_and_cons
  • fuzzy testing: fusil, etc.
  • router: serial console to other boxes with dhe luks! :)
  • Mailcap, HTML and AppArmor.
  • Increased security on smtp/imaps password storage:
    • https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password
    • http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent
    • http://mah.everybody.org/docs/mail/fetchmail_check
  • Enhanced shell:
    • Add a counter-measure to prevent SSH timing attacks: http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited
  • https://shodan.io
  • https://censys.io
  • https://keybase.io
  • https://github.com/shadowsocks/shadowsocks-go