Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

X Display Manager Control Protocol (XDMCP) Explained

X Display Manager Control Protocol (XDMCP) is a remote desktop protocol using X11 environments for managing remote graphical login sessions in Linux and Unix systems. Specifically, it allows X display managers to interface with X terminals or other X server-based systems, by facilitating the remote display management process. It operates by sending a query packet from a client to a server, signaling the request to start a session.

23 NYCRR Part 500 Amendment Compliance Checklist

Banks and Insurance companies in New York are grappling with the complexities of 23 NYCRR Part 500, a challenging cybersecurity regulation that demands comprehensive and nuanced security measures. The primary hurdle for these organizations is translating the regulatory language into actionable, practical steps that meaningfully enhance their cybersecurity posture.

Disable Core Dump Backtraces and Why

A core dump is a snapshot capturing the state of a program at the moment it crashes. This memory dump includes the processors state and the program's memory, including variables, program data, and processor registers. The data stored in core dump files, also records the contents of the system memory and CPU registers. Backtraces are generated during a program crash. They show the sequence of function calls leading to the crash called the call stack.

Windows Zero-Day Threat: Protect Your NTLM Credentials

A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method. The vulnerability affects a wide range of Windows systems, including: Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.

Understanding Cryptographic Mechanisms

Cryptographic mechanisms protect the integrity of audit tools by ensuring that the data they collect is trustworthy. Most systems constantly run audit tools in the background, system activity such as user logins, file changes and network activity is monitored and recorded. These records are vital to system administrators for compliance, forensic analysis and security monitoring. Using cryptographic mechanisms is vital to the integrity of this data.

Kernel DMA Protection Hardening to Secure Your Systems

Kernel Direct Memory Access (DMA) Protection is a security feature in Windows designed to prevent unauthorized access to memory by external peripherals. Kernel DMA Protection requires UEFI firmware support, and Virtualization-based Security (VBS) isn’t required. Kernel DMA Protection offers enhanced security measures for the system compared to the countermeasures against BitLocker DMA attacks, all while preserving the usability of external peripherals.

Leaving TLS 1.2 and moving to TLS 1.3

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session.

Quick Guide to GNOME Display Manager (GDM)

The GNOME Display Manager (GDM) is a program that facilitates graphical user login for Linux systems using GNOME, running and managing the X.Org display servers for both local and remote logins. The GNOME Display Manager (GDM) is the login graphical user interface (GUI) and manager for the GNOME desktop environment within Linux. GDM runs in the background and is a replacement for X Display Manager (XDM), handling user authentication, and initiating desktop sessions.

Understanding Repo_GPGcheck

Repo_GPGcheck ensures linux verifies the authenticity of software packages downloaded from repositories, reinforcing overall system security and safeguarding against unauthorized software sources. A repository in Linux is a storage location where software packages are managed and organized. When installing or updating software, Redhat based Linux systems pull the required packages from these repositories using the YUM (Yellowdog Updater, Modified) package manager.

Disable SELinux Security Configuration

Linux distributions come with Discretionary Access Control (DAC) preinstalled in them. A sudo user is usually created in a Linux system to work at root-level privileges. DAC system provides the sudo user with all the administrator rights which may be a security threat if the sudo user is not trustworthy. SELinux is a Mandatory Access Control (MAC) system that replaced traditional DAC systems in modern Linux OS. SELinux allows the system admins to have more control over who can access the system.