RegRipper is a collection of powerful Perl scripts that dump the content of a registry hive file into readable text. RegRipper relies on a plugin mechanism, so in this post I will show how to create your own plugin for RegRipper. The example will be very basic: it will extract the value of the Current ControlSet.

Read

In a previous blog post, I presented the forensics tools written by Eric Zimmerman. Although these tools were originally developed for Windows, you can also run them on Linux. This makes it possible to run a full forensic investigation from a Linux computer.

Read

Have you ever wanted to enhance your favorite distribution's kernel with debugging, tracing, networking, security or plenty of other features without going through the long approval/testing/integration process managed by the Linux community? The extended Berkeley Packet Filter (eBPF) is a Linux kernel feature that aims at running user-space code (eBPF programs) in the kernel, safely and efficiently, via the in-kernel eBPF virtual machine. Let's discover how to build such programs.

Read

In a previous blog post, I evaluated the performance penalty of virtual storage. I compared different host filesystems and different hypervisors (including QEMU). The conclusion was pretty harsh: in all tested configurations, virtual disks are almost 10 times slower than host drives. In this blog post, I will test additional QEMU configuration options to see if I can get better results…

Read

In a previous blog post, I showed how to use sysbench to benchmark a Linux system. I ran the tool on various systems I had access to, and I was staggered by the performance penalty of virtual storage: a virtual disk (vdi) is roughly 10 times slower than the actual disk it is reading from or writing to. In this blog post, I want to show the results of some additional tests that, sadly enough, will only confirm this observation…

Read

When discussing desktop hypervisors, one usually thinks of the main commercial players: VMware Workstation, VMware Fusion (for Mac), Hyper-V (built into Windows) and VirtualBox. On Linux, QEMU/KVM is also an option thanks to the Virtual Machine Manager.

Read

In a previous blog post, I showed how to create a Linux kernel module. This time I will show how the Linux kernel uses a task_struct to manage threads and processes. To illustrate, I will show how a kernel module can access and alter these structures, and thus alter the inner workings of the Linux kernel.

Read

In a previous blog post, I presented how to build your own Linux kernel. This time I will show how to create, compile and load a very simple kernel module…

Read

In this blog post I will show how to configure, compile and install a custom Linux kernel.

Read

Systemd is now the de facto standard init process on Linux systems. It is responsible for starting all required services… In this blog post we will present the basic concepts of systemd: basic usage, units and dependencies.

Read

Tags: Sysadmin, Network analysis and visualization, Linux, Monitoring, SIEM

Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management.

Read

In a previous blog post, we built a micro-Linux system relying on initramfs. In this blog post, we will add modules to this minimal system.

Read