#auditd
Interesting Git repos of the week:

Detection:

* https://github.com/pandaadir05/ghost - patterns in the void, what is that ghostly malware
* https://github.com/openbsm/openbsm - the original UNIX auditd

Development:

* https://github.com/simonvetter/modbus - MODBUS in Go

Data:

* […]
Original post on infosec.exchange
November 28, 2025 at 6:50 PM
Tetragon: best practices and nuances of developing a Tracing Policy. Hi! My name is Vitaly Shishkin, I'm a product expert at Contain...

#tetragon #linux #cloud #native #информационная #безопасность (information security) #аудит #безопасности (security audit) #kubernetes #auditd #kprobes

November 26, 2025 at 8:57 AM
Government contractors need cyber support techs at $55K–$85K. Clearance + basic security beats fancy certs here. Imaging machines, securing endpoints, logging tickets, patching.
Lab drill: practice STIG hardening + auditd logs.
Search “IT security technician (DoD)” or “Endpoint security support.”
November 19, 2025 at 12:32 PM
EDRs on Linux are mostly useless (it's a Windows market) and a black box anyway. Do it better, with #laurel for log event transformation and enrichment on the host. #velociraptor is not just for response capabilities. It also gives you further enrichment of […]

[Original post on social.linux.pizza]
October 25, 2025 at 3:19 AM
Comprehensive guide to Auditd for Linux Embedded systems: "-S Syscall: specifies which system call (syscall) should be monitored. See this for reference: https://filippo.io/linux-syscall-table/"

hypothes.is
October 20, 2025 at 8:33 AM
Comprehensive guide to Auditd for Linux Embedded systems: "exit: the event to be logged should occur when a system call finishes, rather than when it starts or during its execution"

hypothes.is
October 20, 2025 at 8:33 AM
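The two annotations above quote the guide on `-S` (which syscall a rule watches) and on the `exit` list (the record is written when the syscall returns, so its return value is known). As an added example that is not code from the guide, the annotator, or the audit project, the Python below parses constructed auditd SYSCALL records of the kind a rule like `-a always,exit -F arch=b64 -S memfd_create -k memfd` produces, resolves the syscall number per architecture, and reports every memfd_create call together with the file descriptor returned in `exit=` (or the errno on failure). The sample log lines, the small arch/syscall tables and the key name `memfd` are constructed for this example; the rule form is standard auditctl syntax.

```python
"""Parse auditd SYSCALL records and report memfd_create calls.

Added example, not code from the annotated guide or the audit project.
Assumes the standard audit.log format produced by a rule such as
    -a always,exit -F arch=b64 -S memfd_create -k memfd
On the "exit" list each record is written when the syscall returns, so
success= is known and exit= carries the return value.
"""
import re

# arch= values are AUDIT_ARCH_* constants; a syscall number only makes
# sense relative to this architecture (constructed subset for the example).
ARCH_NAMES = {"c000003e": "x86_64", "c00000b7": "aarch64", "40000003": "i386"}

# Per-architecture syscall numbers. Small constructed table; a full mapping
# comes from the kernel headers or ausyscall(8).
SYSCALL_NAMES = {
    "x86_64":  {59: "execve", 319: "memfd_create", 322: "execveat"},
    "aarch64": {221: "execve", 279: "memfd_create", 281: "execveat"},
    "i386":    {11: "execve", 356: "memfd_create", 358: "execveat"},
}

RECORD_RE = re.compile(
    r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<rest>.*)$"
)
# key=value pairs: values are double-quoted strings or bare tokens (auditd
# hex-encodes values containing spaces/quotes, so bare tokens have no spaces).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Split one audit.log line into a dict of its fields, or None."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group("type"), "serial": int(m.group("serial"))}
    for key, value in KV_RE.findall(m.group("rest")):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        rec[key] = value
    return rec


def resolve_syscall(rec):
    """Return (arch name, syscall name) for a SYSCALL record."""
    arch = ARCH_NAMES.get(rec.get("arch", ""), "unknown")
    try:
        nr = int(rec.get("syscall", ""))
    except ValueError:
        return arch, None
    return arch, SYSCALL_NAMES.get(arch, {}).get(nr, f"syscall_{nr}")


def find_memfd_events(lines):
    """Return one dict per memfd_create SYSCALL record, in log order."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["type"] != "SYSCALL":
            continue
        arch, name = resolve_syscall(rec)
        if name != "memfd_create":
            continue
        ok = rec.get("success") == "yes"
        ret = int(rec["exit"])  # exit list: return value, fd or -errno
        hits.append({
            "serial": rec["serial"], "arch": arch, "pid": int(rec["pid"]),
            "auid": int(rec["auid"]), "comm": rec.get("comm"),
            "exe": rec.get("exe"), "key": rec.get("key"), "success": ok,
            "fd": ret if ok else None, "errno": None if ok else -ret,
        })
    return hits


# Constructed sample records, not captured from a real host: 4501 is a
# successful memfd_create on x86_64, 4502 an unrelated execve, 4503 a failed
# memfd_create on aarch64 (exit=-24, EMFILE); PROCTITLE shares serial 4501.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1763000000.101:4501): arch=c000003e syscall=319 success=yes exit=3 a0=7ffd1 a1=1 a2=0 a3=0 items=0 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=2 comm="python3" exe="/usr/bin/python3.11" subj=unconfined key="memfd"
type=SYSCALL msg=audit(1763000000.102:4502): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=0 items=2 ppid=1 pid=1300 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditd" exe="/usr/sbin/auditd" subj=unconfined key=(null)
type=SYSCALL msg=audit(1763000000.103:4503): arch=c00000b7 syscall=279 success=no exit=-24 a0=0 a1=1 a2=0 a3=0 items=0 ppid=900 pid=951 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=5 comm="curl" exe="/usr/bin/curl" subj=unconfined key="memfd"
type=PROCTITLE msg=audit(1763000000.101:4501): proctitle=707974686F6E33
"""

if __name__ == "__main__":
    for hit in find_memfd_events(SAMPLE_LOG.splitlines()):
        print(hit)
```

On a host with the rule loaded, `ausearch -k memfd` returns the raw records to feed in. The arch pin matters: 319 is memfd_create only on x86_64 (279 on aarch64, 356 on i386), so a numeric `-S` without `-F arch=` is ambiguous, and the `success`/`exit` fields exist only because the rule is on the `exit` list. The record proves a memfd was created, not that anything was executed from it; correlating with later execve/execveat records on the same pid is a separate step.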
New on ExcaliburSheath: File auditing & security tools in Linux. We cover `auditd`, `aide`, and rootkit detection with `chkrootkit` & `rkhunter`. Strengthen your homelab or server security now!
excalibursheath.com/article/2025...
#Linux #SysAdmin
File Auditing and Security Tools
Linux system administration requires more than just user permissions and firewall configurations to ensure true security. Even with strong setups, a compromi...
excalibursheath.com
October 7, 2025 at 1:40 AM
Linux Logging for SOC: TryHackMe Walkthrough + Auditd, Authentication & Runtime Analysis. Common places to look in a Debian-based OS: /var/log — our hub for authentication, system, and audit...

#cybersecurity #tryhackme #questions-answers #linux-logging-for-soc #tryhackme-walkthrough

Original post on systemweakness.com
September 19, 2025 at 2:28 PM
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

blog.badsectorlabs.com/last-week-in...
Last Week in Security (LWiS) - 2025-09-15
blog.badsectorlabs.com
September 16, 2025 at 2:31 PM
Weaponizing macOS auditd

blog.offensive.af/posts/auditd...
Some weaponization nuances for macOS auditd persistence
blog.offensive.af
September 13, 2025 at 7:55 AM
Detecting SSH tunnels on Linux hosts. Hi, Habr! This is Anton Grishchenko, head of L1 SOC, and Nazar Kornienk...

#linux #auditd #ssh #Port #Forwarding #SSHD #Sigma #Rule

September 9, 2025 at 7:25 AM
@mntmn @kevin
I mean just configure auditd to log all the processes and then parse the logs. Maybe use strace. Easy peasy!/s
August 10, 2025 at 3:19 PM
📣 Heap corruption in #Debian’s TLS handshake (CVE-2025-27613).
• Root cause: Missing bounds check in process_client_hello()
• Exploit primitives: Arbitrary write + ASLR bypass via mmap grooming
• Detection: auditd rules for memfd_create syscalls Read more: 👉 tinyurl.com/3dp8x6ys
Critical Analysis: Debian Linux Vulnerability CVE-2025-27613 – Exploit Mitigation & Enterprise Security Implications
Blog with news about Linux, Android, Security, etc.
tinyurl.com
August 2, 2025 at 2:36 PM
Configuring a custom decoder for PostgreSQL and editing the auditd decoder in Wazuh https://habr.com/ru/articles/931524/?utm_source=habrahabr&utm_medium=rss&utm_campaign=931524

pravda.me
July 27, 2025 at 7:00 PM
Configuring a custom decoder for PostgreSQL and editing the auditd decoder in Wazuh. Wazuh is a powerful platform for moni...

#wazuh #siem #open #source #cybersecurity #безопасность (security)

July 27, 2025 at 7:54 PM
Detailed System Monitoring and Event Management with Linux Auditd. Modern cyber threats require not only network-level defense mechanisms but also deep visibility at the operating system level. ...

#linux-security #technology #linux #audit #blue-team

Detailed System Monitoring and Event Management with Linux Auditd 🛡️🐧
Modern cyber threats require not only network-level defense mechanisms but also deep visibility at the operating system level. On Linux…
medium.com
July 23, 2025 at 12:40 PM
This method can be utilized to perform process masquerading.

Here an implant appears to be running from /usr/sbin/auditd but it's actually 'fileless'.

No '(deleted)', no ':memfd', no '/dev/shm', no ptrace, no LD_PRELOAD. Just stealth.

(6/7)
July 13, 2025 at 7:39 AM
The script that watches you: automated auditing of actions on Linux. Hi, Habr! In this article I want to examine...

#auditd #linux #безопасность (security) #логирование (logging) #алерты (alerts)

July 8, 2025 at 1:36 PM
Automation of Auditd Rule Design: Introduction

#open-source #tech #automation #linux #technology

Automation of Auditd Rule Design
Introduction
medium.com
July 7, 2025 at 6:37 AM
Block Device Tuning of Auditd Rule Design: Overview

#tech #technology #linux #automation #open-source

Block Device Tuning of Auditd Rule Design
Overview
medium.com
June 18, 2025 at 4:51 AM
Best Practices of Auditd Rule Design: Overview

medium.com
June 17, 2025 at 9:06 PM