Podcasts about Netcat

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Senior Microsoft Security Researcher Kajhon Soyini to explore the Luma Stealer cryptocurrency mining campaign targeting individual computers as part of a large-scale malvertising campaign. They discuss the sophisticated attack chain, which includes DLLs, clipboard malware, process injection via Explorer.exe, and how this impacted nearly one million devices around the globe.   Kajhon explains how attackers use registry modifications, WMI event consumers, and obfuscation techniques like non-standard ports and reverse shells to maintain persistence and evade detection. The duo also covers Microsoft's defense efforts and the challenges of tracking down the origins of these attacks.  In this episode you'll learn:       Why the attack chain incorporates legacy malware like NetSupport RAT  The overlap between the Luma Stealer and Donarium malware families  How Luma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads    Some questions we ask:         Can you explain how the malware uses the “image file execution objects” registry path?  What role does Netcat play in this campaign's command and control?  Why do people still mine cryptocurrency today, with all the complexities and attack methods?    Resources:   View Kajhon Soyini on LinkedIn   View Sherrod DeGrippo on LinkedIn   Connect with Sherrod and the team at RSAC    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Netcat is a flexible tool that can be used in a variety of ways, and it can be combined with other tools to create powerful network applications. However, it can also be used for malicious purposes and can be a security risk if used incorrectly. Therefore, it is important to use Netcat responsibly and only for legitimate purposes. #netcattutorial #netcattutorialindepth #netcattool #whatisnetcat #sharesfilethroughnetcat #createabackdoorusingnetcat #networkscanusingnetcat #howtocreateabackdoorusingnetcat #netcatworks #infosectrain Thank you for watching this video, For more details or free demo with out expert write into us at sales@infosectrain.com ➡️ Agenda for the Webinar

Windows 11 hacking using a reverse shell // NETCAT and Hak5 OMG Cable Create your own virtual machine on Linode with $100 credit: https://davidbombal.wiki/linode * Thanks to Linode for sponsoring this video! // MENU // 0:00 ▶️ Introduction 1:05 ▶️ Network Topology 3:40 ▶️ Method 1: Easy Method 5:09 ▶️ OMG Cable 8:00 ▶️ Method 2 // STEPS and INSTRUCTIONS // Download this PDF for detailed instructions: https://davidbombal.wiki/netcatomg // SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // MY STUFF // Monitor: https://amzn.to/3yyF74Y More stuff: https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com hak5 netcat rat hak5 omg omg cable hak5 reverse shell rubber ducky windows windows 11 windows 10 real time protection windows anti virus windows real time protection Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hak5 #netcat #reverseshell

Minecraft hacking with PYTHON and Log4j // Netcat reverse shell exploiting CVE Create your own virtual machine on Linode with $100 credit: https://davidbombal.wiki/linode * Thanks to Linode for sponsoring this video! It's really important that you update your servers to no longer use vulnerable versions of log4j. // MENU // 0:00 ▶️ Introduction 1:45 ▶️ Topology and overview of problem 3:10 ▶️ Demo of rickroll attack 5:48 ▶️ Netcat reverse shell attack demo 9:17 ▶️ Entire process on a new cloud server // SCRIPTS // Get the code here: https://github.com/davidbombal/log4jm... // MINECRAFT SETUP // https://davidbombal.wiki/minecraftw11... // JOHN's VIDEO // John Hammond: https://youtu.be/7qoPDq41xhQ // SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // MY STUFF // Monitor: https://amzn.to/3yyF74Y More stuff: https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com minecraft python log4j cve-2021-44228 java java log4j Log4jRCE.java RCE Log4Shell minecraft log4j minecraft windows 11 minecraft windows minecraft server reverse shell windows windows 11 windows 10 real time protection windows anti virus windows real time protection python windows windows python Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #log4j #minecraft #python

OpenZFS snapshots, OpenSUSE on Bastille, printing with netcat, new opnsense 21.1.8 released, new pfsense plus software available, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines Lets talk OpenZFS snapshots (https://klarasystems.com/articles/lets-talk-openzfs-snapshots/) OpenSUSE in Bastille (https://peter.czanik.hu/posts/opensuse_in_bastille/) News Roundup CUPS printing with netcat (https://retrohacker.substack.com/p/bye-cups-printing-with-netcat) Opnsense-21.1.8 (https://opnsense.org/opnsense-21-1-8-released/) pfSense® Plus Software Version 21.05.1 is Now Available (https://www.netgate.com/blog/pfsense-plus-software-version-21.05.1-is-now-available-for-upgrades) Beastie Bits • [MAC Inspired FreeBSD release](https://github.com/mszoek/airyx) • [Implement unprivileged chroot](https://cgit.freebsd.org/src/commit/?id=a40cf4175c90142442d0c6515f6c83956336699b) • [InitWare: A systemd fork that runs on BSD](https://github.com/InitWare/InitWare) • [multics gets a new release](https://multics-wiki.swenson.org/index.php/Main_Page) • [Open Source Voices interview with Tom Jones](https://www.opensourcevoices.org/17) • [PDP 11/03 Engineering Drawings](https://twitter.com/q5sys/status/1423092689084551171) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Oliver - zfs (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/Olvier%20-%20zfs.md) anders - vms (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/anders%20-%20vms.md) jeff - byhve guests (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/416/feedback/jeff%20-%20byhve%20guests.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

EP 67 The Senior Care Industry Netcat: Sonja Gunter, RN, Executive Director, Heritage of MariettaI'm Sonja Gunter. I'm the executive director at an assisted living here in the great state of Georgia, city of Marietta.Valerie VanBooven RN BSN:Awesome. And tell us the name of your assisted living facility.Sonja Gunter:It is the Heritage of Marietta, and I want to add, I'm also a nurse for 17 years. So, I'm a nurse and an executive director. Yes.https://www.asnmarketingplan.com/ep-67-the-senior-care-industry-netcat-sonja-gunter-rn-executive-director-heritage-of-marietta/

Today we get to discuss the future of TikTok and some cool new features in IOS 14. Will Apple buy TikTok? Then we have an interview with Wilson Bautista. If you know someone who is... The post Ep. 22 – TikTok, iOS 14, Wilson Bautista, Cheesy Shrimp & Grits, Yubikey, KotOR Bundle, The Social Dilemma, and Netcat appeared first on Back From The Future.

WISP.org donation page: https://wisporg.z2systems.com/np/clients/wisporg/donation.jsp Mick Douglas (@bettersafetynet on Twitter) Powercat: https://github.com/besimorhino/powercat Netcat in a powershell environment https://blog.rapid7.com/2018/09/27/the-powershell-boogeyman-how-to-defend-against-malicious-powershell-attacks/ https://www.hackingarticles.in/powercat-a-powershell-netcat/ Defenses against powercat?  LolBins: https://www.cynet.com/blog/what-are-lolbins-and-how-do-attackers-use-them-in-fileless-attacks/ Sigma ruleset: https://www.nextron-systems.com/2018/02/10/write-sigma-rules/#:~:text=Sigma%20is%20an%20open%20standard,grep%20on%20the%20command%20line. ElasticSearch bought Endgame; https://www.elastic.co/about/press/elastic-announces-intent-to-acquire-endgame https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/ Twitter DM to @bettersafetynet:Hey... I wanna talk about @hrbrmstr's tweet on the show tonight as well... https://twitter.com/hrbrmstr/status/1287442304593276929 My thinking is if Cisco and others didn't try to intentionally downplay vulnerabilities by announcing them on a Friday, would we be more likely to patch sooner? Also, greater need for testing of patches to ensure that 80% of your workforce rely on that technology now. What's worse? Patching on a Friday evening (after several hours explaining the vuln to a manager), and then having it fuck something up so you're up at crack of dawn Monday troubleshooting something missed Friday night because testing was rushed/not conducted because the CEO can't access email? I have thoughts, I've added this to the show note google doc. https://www.reddit.com/r/netsec/comments/hwaj6f/nmap_script_fot_cve20203452/  -- nmap PoC script? Embargoed vulns… Getting management buy-in to patch 

En el capítulo de hoy vamos a ver un poco NC, NetCat o como queráis llamarlo, y vamos a ponerlo en contraposición a ssh en algunas cosas y siempre vamos a poder utilizar ssh con … La entrada NC – NetCat se publicó primero en Eduardo Collado.

In this episode of the CyberAware Podcast, our hosts, Raj and Sherwin, discuss with special guest Mubasser Kamal focused mainly on cyberpunks. Mubassir graduated from Minnesota State University, Mankato two years ago with a masters degree in IT and he has been currently working for a penetration testing company based in Minneapolis as a security consultant. The podcast is all about cyberpunks which simply put forward means individuals into cybertheft & other malicious criminal activities in the cyberworld. The first major example of cyberpunk they discuss is phishing and how there has been an upsurge in SMS phishing and the number of victims during this COVID-19 timeline. They provide insights to cross-site request forgery and SQL injection which turn out to be some of the common exploits. They elaborate on penetration testing further and how institutions implement it effectively to test their cyber infrastructure like mobile and web applications to name some and to evade exploits like remote code execution attacks. They also talk about tools like ‘Netcat' that they use for troubleshooting the exploits while they poke around different servers. They talk more about ‘mercenary' hackers implemented and sponsored by Governments and corporations around the world to conduct cyber-attacks & espionage too. They explain how these hackers have high-end targets and many of the times bait people close to their target to hack into, essentially implementing these innocent people as passive cyberpunks. They then give some tips to stay cybersecure like always checking the links (URL), getting back to the institution involved directly to check the validity of the e-mail or SMS or call they received, securing home networks better using WPA passwords, performing regular firmware updates on devices like routers, etc. Finally they take you through a typical day in life of an Information security analyst and the tasks they perform on a daily basis.

In this episode of the Collective Defense Podcast we are jumping into honeypots, honeynets, and how emerging threats can be proactively detected with Peter Rydzynski. On the new front we analyzed a number of stories including the most recent Marriott breach, zoombombs and WarDialz, and of course more insecure Wordpress plugins. Software Mentioned in this episode: SELKS https://www.stamus-networks.com/scirius-open-source (https://www.stamus-networks.com/scirius-open-source) Both live and installable Network Security Management ISO based on Debian Complete Suricata IDS/IPS ecosystem with its own graphic rule manager From start to analysis of IDS/IPS and NSM events in 30 sec Major components: Suricata Elasticsearch Logstash Kibana Moloch Scirius Community Edition EveBox Cowrie https://github.com/cowrie/cowrie (https://github.com/cowrie/cowrie) Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system. Cowrie is maintained by Michel Oosterhof. Dionaea https://github.com/DinoTools/dionaea (https://github.com/DinoTools/dionaea) This low-interaction honeypot written in C and Python uses the Libemu library to emulate the execution of Intel x86 instructions and detect shellcodes. In addition, we can say it’s a multi-protocol honeypot that offers support for protocols such as FTP, HTTP, Memcache, MSSQL, MySQL, SMB, TFTP, etc. Protocols blackhole epmap ftp http memcache mirror mqtt mssql mysql pptp sip smb tftp upnp Logging fail2ban hpfeeds log_json log_sqlit Netcat http://netcat.sourceforge.net/ (http://netcat.sourceforge.net/) Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. It provides access to the following main features: Outbound and inbound connections, TCP or UDP, to or from any ports. Featured tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel. Built-in port-scanning capabilities, with randomizer. Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of trasmitted and received data. Optional RFC854 telnet codes parser and responder. Modern Honey Network https://github.com/pwnlandia/mhn (https://github.com/pwnlandia/mhn) MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface. Honeypot deploy scripts include several common honeypot technologies, including Snort, Cowrie, Dionaea, and glastopf, among others. Features MHN is a Flask application that exposes an HTTP API that honeypots can use to: Download a deploy script Connect and register Download snort rules Send intrusion detection logs It also allows system administrators to: View a list of new attacks Manage snort rules: enable, disable, download

Another interview with an anonymous Server Engineer. We discuss Intel’s (lack of) security, the future of server tech, and more! [NOTE: This was an anonymous phone call, some audio issues] 1) 4:42 How important is the cost to run a server vs Start-up costs? 2) 11:00 Software Maturity & Intel’s Security Problems 3) 12:58 Spectre and Foreshadow 4) 21:03 NetCat broke the camel’s back… 5) 39:29 Does Optane or the “Intel Package” matter? 6) 41:57 AMD’s past failures, and their future success… 7) 49:20 Are Intel’s Security problems over? 8) 59:55 AMD vs Intel Branch Prediction & Threads 9) 1:07:20 How should we approach Hardware Security? 10) 1:11:55 Is Intel better positioned for the future? 11) 1:20:50 Do Intel’s Professional GPU’s sound interesting? 12) 1:26:05 2700X and 9900K as server chips… 13) 1:39:00 Remember how great Broadwell was… 14) 1:48:00 Best Wishes for UFD Tech

Mai menü:-beszélgetünk a botokról és a telegram csatornáról-NetCat újra side channel attack-World of Warcraft és wikipedia DDoS-JPMorgan Python droidokat vár-SIMJacker - vagyis egy jól megírt SMS-el mi mindent lehet elérni-Miért kerül többe az Andoridos exploit mint az iOS-es?-Telnet backdoor-Facebookra került fel néhány alkalmazás egészségügyi adata-FBI és a business mail compromise-DeepFake, amikor a hangod se a tiéd márElérhetőségeink:TelegramTwitterInstagramMail: info@hackeslangos.show 

As iOS 13 is out, Josh and Kirk discuss its new features and what you can look forward to. They also discuss how smart TVs spy on you and send data about everything you watch, as well as a new SIM card flaw and an iOS 13 lock screen bypass. One note: we mentioned that iOS 13.1 was due to be released on September 30. After we recorded the podcast, Apple announced that iOS 13.1 would be released early, on September 24. Show Notes: Should You Back Up Your iOS Device to iCloud or iTunes? Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak You watch TV. Your TV watches back. New SIM card flaw lets hackers hijack any phone just by sending SMS NetCAT: new attack lets hackers remotely steal data from (specific) Intel (Xeon) CPUs iOS 13 lockscreen bypass What's New in iOS 13 and iPadOS 13 Get 40% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.

This week, Producer Alice Duckett steps in to host the show with Paul Ducklin, Mark Stockley and Greg Iddon. Greg discusses the most disruptive Distributed Denial of Service (DDoS) attack in recent memory affecting Wikipedia, Mark shares another privacy boost for Firefox users and Duck explains why SSH-stealing NetCAT is not really a problem. Related articles Wikipedia DDos: https://nakedsecurity.sophos.com/2019/09/11/wikipedia-fights-off-huge-ddos-attack/ Firefox Private Network: https://nakedsecurity.sophos.com/2019/09/13/mozilla-private-network-vpn-gives-firefox-another-privacy-boost/ NetCat: https://nakedsecurity.sophos.com/2019/09/13/intel-ssh-stealing-netcat-bug-not-really-a-problem/

Evan's back state-side for episode 45 of the UNSECURITY podcast. He and Brad add to last week's conversation about vCISOs by discussing what someone would have to do to become one. The guys also chat about Evan's recent trip to Bulgaria and make an exciting announcement. You won't want to miss this one! Give it a listen and let us know what you think at unsecurity@protonmail.com.

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/ Adobe Patches https://helpx.adobe.com/security.html Intel SSH Side Channel Vulnerability https://www.vusec.net/projects/netcat/ https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/ Adobe Patches https://helpx.adobe.com/security.html Intel SSH Side Channel Vulnerability https://www.vusec.net/projects/netcat/ https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf

Byproducts of reading OpenBSD’s netcat code, learnings from porting your own projects to FreeBSD, OpenBSD’s unveil(), NetBSD’s Virtual Machine Monitor, what 'dependency' means in Unix init systems, jailing bhyve, and more. ##Headlines ###The byproducts of reading OpenBSD netcat code When I took part in a training last year, I heard about netcat for the first time. During that class, the tutor showed some hacks and tricks of using netcat which appealed to me and motivated me to learn the guts of it. Fortunately, in the past 2 months, I was not so busy that I can spend my spare time to dive into OpenBSD‘s netcat source code, and got abundant byproducts during this process. (1) Brush up socket programming. I wrote my first network application more than 10 years ago, and always think the socket APIs are marvelous. Just ~10 functions (socket, bind, listen, accept…) with some IO multiplexing buddies (select, poll, epoll…) connect the whole world, wonderful! From that time, I developed a habit that is when touching a new programming language, network programming is an essential exercise. Even though I don’t write socket related code now, reading netcat socket code indeed refresh my knowledge and teach me new stuff. (2) Write a tutorial about netcat. I am mediocre programmer and will forget things when I don’t use it for a long time. So I just take notes of what I think is useful. IMHO, this “tutorial” doesn’t really mean teach others something, but just a journal which I can refer when I need in the future. (3) Submit patches to netcat. During reading code, I also found bugs and some enhancements. Though trivial contributions to OpenBSD, I am still happy and enjoy it. (4) Implement a C++ encapsulation of libtls. OpenBSD‘s netcat supports tls/ssl connection, but it needs you take full care of resource management (memory, socket, etc), otherwise a small mistake can lead to resource leak which is fatal for long-live applications (In fact, the two bugs I reported to OpenBSD are all related resource leak). Therefore I develop a simple C++ library which wraps the libtls and hope it can free developer from this troublesome problem and put more energy in application logic part. Long story to short, reading classical source code is a rewarding process, and you can consider to try it yourself. ###What I learned from porting my projects to FreeBSD Introduction I set up a local FreeBSD VirtualBox VM to test something, and it seems to work very well. Due to the novelty factor, I decided to get my software projects to build and pass the tests there. The Projects https://github.com/shlomif/shlomif-computer-settings/ (my dotfiles). https://web-cpan.shlomifish.org/latemp/ https://fc-solve.shlomifish.org/ https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/ https://better-scm.shlomifish.org/source/ http://perl-begin.org/source/ https://www.shlomifish.org/meta/site-source/ Written using a mix of C, Perl 5, Python, Ruby, GNU Bash, XML, CMake, XSLT, XHTML5, XHTML1.1, Website META Language, JavaScript and more. Work fine on several Linux distributions and have https://en.wikipedia.org/wiki/TravisCI using Ubuntu 14.04 hosts Some pass builds and tests on AppVeyor/Win64 What I Learned: FreeBSD on VBox has become very reliable Some executables on FreeBSD are in /usr/local/bin instead of /usr/bin make on FreeBSD is not GNU make m4 on FreeBSD is not compatible with GNU m4 Some CPAN Modules fail to install using local-lib there DocBook/XSL Does Not Live Under /usr/share/sgml FreeBSD’s grep does not have a “-P” flag by default FreeBSD has no “nproc” command Conclusion: It is easier to port a shell than a shell script. — Larry Wall I ran into some cases where my scriptology was lacking and suboptimal, even for my own personal use, and fixed them. ##News Roundup ###OpenBSD’s unveil() One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux. The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process’s actual job. In a Linux system, there are many ways of trying to restrict that access; that is one of the purposes behind the Linux security module (LSM) architecture, for example. The SELinux LSM uses a complex matrix of labels and roles to make access-control decisions. The AppArmor LSM, instead, uses a relatively simple table of permissible pathnames associated with each application; that approach was highly controversial when AppArmor was first merged, and is still looked down upon by some security developers. Mount namespaces can be used to create a special view of the filesystem hierarchy for a set of processes, rendering much of that hierarchy invisible and, thus, inaccessible. The seccomp mechanism can be used to make decisions on attempts by a process to access files, but that approach is complex and error-prone. Yet another approach can be seen in the Qubes OS distribution, which runs applications in virtual machines to strictly control what they can access. Compared to many of the options found in Linux, unveil() is an exercise in simplicity. This system call, introduced in July, has this prototype: int unveil(const char *path, const char *permissions); A process that has never called unveil() has full access to the filesystem hierarchy, modulo the usual file permissions and any restrictions that may have been applied by calling pledge(). Calling unveil() for the first time will “drop a veil” across the entire filesystem, rendering the whole thing invisible to the process, with one exception: the file or directory hierarchy starting at path will be accessible with the given permissions. The permissions string can contain any of “r” for read access, “w” for write, “x” for execute, and “c” for the ability to create or remove the path. Subsequent calls to unveil() will make other parts of the filesystem hierarchy accessible; the unveil() system call itself still has access to the entire hierarchy, so there is no problem with unveiling distinct subtrees that are, until the call is made, invisible to the process. If one unveil() call applies to a subtree of a hierarchy unveiled by another call, the permissions associated with the more specific call apply. Calling unveil() with both arguments as null will block any further calls, setting the current view of the filesystem in stone. Calls to unveil() can also be blocked using pledge(). Either way, once the view of the filesystem has been set up appropriately, it is possible to lock it so that the process cannot expand its access in the future should it be taken over and turn hostile. unveil() thus looks a bit like AppArmor, in that it is a path-based mechanism for restricting access to files. In either case, one must first study the program in question to gain a solid understanding of which files it needs to access before closing things down, or the program is likely to break. One significant difference (beyond the other sorts of behavior that AppArmor can control) is that AppArmor’s permissions are stored in an external policy file, while unveil() calls are made by the application itself. That approach keeps the access rules tightly tied to the application and easy for the developers to modify, but it also makes it harder for system administrators to change them without having to rebuild the application from source. One can certainly aim a number of criticisms at unveil() — all of the complaints that have been leveled at path-based access control and more. But the simplicity of unveil() brings a certain kind of utility, as can be seen in the large number of OpenBSD applications that are being modified to use it. OpenBSD is gaining a base level of protection against unintended program behavior; while it is arguably possible to protect a Linux system to a much greater extent, the complexity of the mechanisms involved keeps that from happening in a lot of real-world deployments. There is a certain kind of virtue to simplicity in security mechanisms. ###NetBSD Virtual Machine Monitor (NVVM) NetBSD Virtual Machine Monitor The NVMM driver provides hardware-accelerated virtualization support on NetBSD. It is made of an ~MI frontend, to which MD backends can be plugged. A virtualization API is provided in libnvmm, that allows to easily create and manage virtual machines via NVMM. Two additional components are shipped as demonstrators, toyvirt and smallkern: the former is a toy virtualizer, that executes in a VM the 64bit ELF binary given as argument, the latter is an example of such binary. Download The source code of NVMM, plus the associated tools, can be downloaded here. Technical details NVMM can support up to 128 virtual machines, each having a maximum of 256 VCPUs and 4GB of RAM. Each virtual machine is granted access to most of the CPU registers: the GPRs (obviously), the Segment Registers, the Control Registers, the Debug Registers, the FPU (x87 and SSE), and several MSRs. Events can be injected in the virtual machines, to emulate device interrupts. A delay mechanism is used, and allows VMM software to schedule the interrupt right when the VCPU can receive it. NMIs can be injected as well, and use a similar mechanism. The host must always be x8664, but the guest has no constraint on the mode, so it can be x8632, PAE, real mode, and so on. The TSC of each VCPU is always re-based on the host CPU it is executing on, and is therefore guaranteed to increase regardless of the host CPU. However, it may not increase monotonically, because it is not possible to fully hide the host effects on the guest during #VMEXITs. When there are more VCPUs than the host TLB can deal with, NVMM uses a shared ASID, and flushes the shared-ASID VCPUs on each VM switch. The different intercepts are configured in such a way that they cover everything that needs to be emulated. In particular, the LAPIC can be emulated by VMM software, by intercepting reads/writes to the LAPIC page in memory, and monitoring changes to CR8 in the exit state. ###What ‘dependency’ means in Unix init systems is underspecified (utoronto.ca) I was reading Davin McCall’s On the vagaries of init systems (via) when I ran across the following, about the relationship between various daemons (services, etc): I do not see any compelling reason for having ordering relationships without actual dependency, as both Nosh and Systemd provide for. In comparison, Dinit’s dependencies also imply an ordering, which obviates the need to list a dependency twice in the service description. Well, this may be an easy one but it depends on what an init system means by ‘dependency’. Let’s consider ®syslog and the SSH daemon. I want the syslog daemon to be started before the SSH daemon is started, so that the SSH daemon can log things to it from the beginning. However, I very much do not want the SSH daemon to not be started (or to be shut down) if the syslog daemon fails to start or later fails. If syslog fails, I still want the SSH daemon to be there so that I can perhaps SSH in to the machine and fix the problem. This is generally true of almost all daemons; I want them to start after syslog, so that they can syslog things, but I almost never want them to not be running if syslog failed. (And if for some reason syslog is not configured to start, I want enabling and starting, say, SSH, to also enable and start the syslog daemon.) In general, there are three different relationships between services that I tend to encounter: a hard requirement, where service B is useless or dangerous without service A. For instance, many NFS v2 and NFS v3 daemons basically don’t function without the RPC portmapper alive and active. On any number of systems, firewall rules being in place are a hard requirement to start most network services; you would rather your network services not start at all than that they start without your defenses in place. a want, where service B wants service A to be running before B starts up, and service A should be started even if it wouldn’t otherwise be, but the failure of A still leaves B functional. Many daemons want the syslog daemon to be started before they start but will run without it, and often you want them to do so so that at least some of the system works even if there is, say, a corrupt syslog configuration file that causes the daemon to error out on start. (But some environments want to hard-fail if they can’t collect security related logging information, so they might make rsyslogd a requirement instead of a want.) an ordering, where if service A is going to be started, B wants to start after it (or before it), but B isn’t otherwise calling for A to be started. We have some of these in our systems, where we need NFS mounts done before cron starts and runs people’s @reboot jobs but neither cron nor NFS mounts exactly or explicitly want each other. (The system as a whole wants both, but that’s a different thing.) Given these different relationships and the implications for what the init system should do in different situations, talking about ‘dependency’ in it systems is kind of underspecified. What sort of dependency? What happens if one service doesn’t start or fails later? My impression is that generally people pick a want relationship as the default meaning for init system ‘dependency’. Usually this is fine; most services aren’t actively dangerous if one of their declared dependencies fails to start, and it’s generally harmless on any particular system to force a want instead of an ordering relationship because you’re going to be starting everything anyway. (In my example, you might as well say that cron on the systems in question wants NFS mounts. There is no difference in practice; we already always want to do NFS mounts and start cron.) ###Jailing The bhyve Hypervisor As FreeBSD nears the final 12.0-RELEASE release engineering cycles, I’d like to take a moment to document a cool new feature coming in 12: jailed bhyve. You may notice that I use HardenedBSD instead of FreeBSD in this article. There is no functional difference in bhyve on HardenedBSD versus bhyve on FreeBSD. The only difference between HardenedBSD and FreeBSD is the aditional security offered by HardenedBSD. The steps I outline here work for both FreeBSD and HardenedBSD. These are the bare minimum steps, no extra work needed for either FreeBSD or HardenedBSD. A Gentle History Lesson At work in my spare time, I’m helping develop a malware lab. Due to the nature of the beast, we would like to use bhyve on HardenedBSD. Starting with HardenedBSD 12, non-Cross-DSO CFI, SafeStack, Capsicum, ASLR, and strict W^X are all applied to bhyve, making it an extremely hardened hypervisor. So, the work to support jailed bhyve is sponsored by both HardenedBSD and my employer. We’ve also jointly worked on other bhyve hardening features, like protecting the VM’s address space using guard pages (mmap(…, MAPGUARD, …)). Further work is being done in a project called “malhyve.” Only those modifications to bhyve/malhyve that make sense to upstream will be upstreamed. Initial Setup We will not go through the process of creating the jail’s filesystem. That process is documented in the FreeBSD Handbook. For UEFI guests, you will need to install the uefi-edk2-bhyve package inside the jail. I network these jails with traditional jail networking. I have tested vnet jails with this setup, and that works fine, too. However, there is no real need to hook the jail up to any network so long as bhyve can access the tap device. In some cases, the VM might not need networking, in which case you can use a network-less VM in a network-less jail. By default, access to the kernel side of bhyve is disabled within jails. We need to set allow.vmm in our jail.conf entry for the bhyve jail. We will use the following in our jail, so we will need to set up devfs(8) rules for them: A ZFS volume A null-modem device (nmdm(4)) UEFI GOP (no devfs rule, but IP assigned to the jail) A tap device Conclusion The bhyve hypervisor works great within a jail. When combined with HardenedBSD, bhyve is extremely hardened: PaX ASLR is fully applied due to compilation as a Position-Independent Executable (HardenedBSD enhancement) PaX NOEXEC is fully applied (strict W^X) (HardenedBSD enhancement) Non-Cross-DSO CFI is fully applied (HardenedBSD enhancement) Full RELRO (RELRO + BINDNOW) is fully applied (HardenedBSD enhancement) SafeStack is applied to the application (HardenedBSD enhancement) Jailed (FreeBSD feature written by HardenedBSD) Virtual memory protected with guard pages (FreeBSD feature written by HardenedBSD) Capsicum is fully applied (FreeBSD feature) Bad guys are going to have a hard time breaking out of the userland components of bhyve on HardenedBSD. :) ##Beastie Bits GhostBSD 18.10 has been released Project Trident RC3 has been released The OpenBSD Foundation receives the first Silver contribution from a single individual Monitoring pf logs gource NetBSD on the RISC-V is alive The X hole Announcing the pkgsrc-2018Q3 release (2018-10-05) NAT performance on EdgeRouter X and Lite with EdgeOS, OpenBSD, and OpenWRT UNIX (as we know it) might not have existed without Mrs. Thompson Free Pizza for your dev events Portland BSD Pizza Night: Nov 29th 7pm ##Feedback/Questions Dennis - Core developers leaving illumOS? Ben - Jumping from snapshot to snapshot Ias - Question about ZFS snapshots Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.

6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more.

6 metrics for zpool performance, 2FA with ssh on OpenBSD, ZFS maintaining file type information in dirs, everything old is new again, netcat demystified, and more. ##Headlines Six Metrics for Measuring ZFS Pool Performance Part 1 The layout of a ZFS storage pool has a significant impact on system performance under various workloads. Given the importance of picking the right configuration for your workload and the fact that making changes to an in-use ZFS pool is far from trivial, it is important for an administrator to understand the mechanics of pool performance when designing a storage system. To quantify pool performance, we will consider six primary metrics: Read I/O operations per second (IOPS) Write IOPS Streaming read speed Streaming write speed Storage space efficiency (usable capacity after parity versus total raw capacity) Fault tolerance (maximum number of drives that can fail before data loss) For the sake of comparison, we’ll use an example system with 12 drives, each one sized at 6TB, and say that each drive does 100MB/s streaming reads and writes and can do 250 read and write IOPS. We will visualize how the data is spread across the drives by writing 12 multi-colored blocks, shown below. The blocks are written to the pool starting with the brown block on the left (number one), and working our way to the pink block on the right (number 12). Note that when we calculate data rates and IOPS values for the example system, they are only approximations. Many other factors can impact pool access speeds for better (compression, caching) or worse (poor CPU performance, not enough memory). There is no single configuration that maximizes all six metrics. Like so many things in life, our objective is to find an appropriate balance of the metrics to match a target workload. For example, a cold-storage backup system will likely want a pool configuration that emphasizes usable storage space and fault tolerance over the other data-rate focused metrics. Let’s start with a quick review of ZFS storage pools before diving into specific configuration options. ZFS storage pools are comprised of one or more virtual devices, or vdevs. Each vdev is comprised of one or more storage providers, typically physical hard disks. All disk-level redundancy is configured at the vdev level. That is, the RAID layout is set on each vdev as opposed to on the storage pool. Data written to the storage pool is then striped across all the vdevs. Because pool data is striped across the vdevs, the loss of any one vdev means total pool failure. This is perhaps the single most important fact to keep in mind when designing a ZFS storage system. We will circle back to this point in the next post, but keep it in mind as we go through the vdev configuration options. Because storage pools are made up of one or more vdevs with the pool data striped over the top, we’ll take a look at pool configuration in terms of various vdev configurations. There are three basic vdev configurations: striping, mirroring, and RAIDZ (which itself has three different varieties). The first section will cover striped and mirrored vdevs in this post; the second post will cover RAIDZ and some example scenarios. A striped vdev is the simplest configuration. Each vdev consists of a single disk with no redundancy. When several of these single-disk, striped vdevs are combined into a single storage pool, the total usable storage space would be the sum of all the drives. When you write data to a pool made of striped vdevs, the data is broken into small chunks called “blocks” and distributed across all the disks in the pool. The blocks are written in “round-robin” sequence, meaning after all the disks receive one row of blocks, called a stripe, it loops back around and writes another stripe under the first. A striped pool has excellent performance and storage space efficiency, but absolutely zero fault tolerance. If even a single drive in the pool fails, the entire pool will fail and all data stored on that pool will be lost. The excellent performance of a striped pool comes from the fact that all of the disks can work independently for all read and write operations. If you have a bunch of small read or write operations (IOPS), each disk can work independently to fetch the next block. For streaming reads and writes, each disk can fetch the next block in line synchronized with its neighbors. For example, if a given disk is fetching block n, its neighbor to the left can be fetching block n-1, and its neighbor to the right can be fetching block n+1. Therefore, the speed of all read and write operations as well as the quantity of read and write operations (IOPS) on a striped pool will scale with the number of vdevs. Note here that I said the speeds and IOPS scale with the number of vdevs rather than the number of drives; there’s a reason for this and we’ll cover it in the next post when we discuss RAID-Z. Here’s a summary of the total pool performance (where N is the number of disks in the pool): N-wide striped: Read IOPS: N * Read IOPS of a single drive Write IOPS: N * Write IOPS of a single drive Streaming read speed: N * Streaming read speed of a single drive Streaming write speed: N * Streaming write speed of a single drive Storage space efficiency: 100% Fault tolerance: None! Let’s apply this to our example system, configured with a 12-wide striped pool: 12-wide striped: Read IOPS: 3000 Write IOPS: 3000 Streaming read speed: 1200 MB/s Streaming write speed: 1200 MB/s Storage space efficiency: 72 TB Fault tolerance: None! Below is a visual depiction of our 12 rainbow blocks written to this pool configuration: The blocks are simply striped across the 12 disks in the pool. The LBA column on the left stands for “Logical Block Address”. If we treat each disk as a column in an array, each LBA would be a row. It’s also easy to see that if any single disk fails, we would be missing a color in the rainbow and our data would be incomplete. While this configuration has fantastic read and write speeds and can handle a ton of IOPS, the data stored on the pool is very vulnerable. This configuration is not recommended unless you’re comfortable losing all of your pool’s data whenever any single drive fails. A mirrored vdev consists of two or more disks. A mirrored vdev stores an exact copy of all the data written to it on each one of its drives. Traditional RAID-1 mirrors usually only support two drive mirrors, but ZFS allows for more drives per mirror to increase redundancy and fault tolerance. All disks in a mirrored vdev have to fail for the vdev, and thus the whole pool, to fail. Total storage space will be equal to the size of a single drive in the vdev. If you’re using mismatched drive sizes in your mirrors, the total size will be that of the smallest drive in the mirror. Streaming read speeds and read IOPS on a mirrored vdev will be faster than write speeds and IOPS. When reading from a mirrored vdev, the drives can “divide and conquer” the operations, similar to what we saw above in the striped pool. This is because each drive in the mirror has an identical copy of the data. For write operations, all of the drives need to write a copy of the data, so the mirrored vdev will be limited to the streaming write speed and IOPS of a single disk. Here’s a summary: N-way mirror: Read IOPS: N * Read IOPS of a single drive Write IOPS: Write IOPS of a single drive Streaming read speed: N * Streaming read speed of a single drive Streaming write speed: Streaming write speed of a single drive Storage space efficiency: 50% for 2-way, 33% for 3-way, 25% for 4-way, etc. [(N-1)/N] Fault tolerance: 1 disk per vdev for 2-way, 2 for 3-way, 3 for 4-way, etc. [N-1] For our first example configuration, let’s do something ridiculous and create a 12-way mirror. ZFS supports this kind of thing, but your management probably will not. 1x 12-way mirror: Read IOPS: 3000 Write IOPS: 250 Streaming read speed: 1200 MB/s Streaming write speed: 100 MB/s Storage space efficiency: 8.3% (6 TB) Fault tolerance: 11 As we can clearly see from the diagram, every single disk in the vdev gets a full copy of our rainbow data. The chainlink icons between the disk labels in the column headers indicate the disks are part of a single vdev. We can lose up to 11 disks in this vdev and still have a complete rainbow. Of course, the data takes up far too much room on the pool, occupying a full 12 LBAs in the data array. Obviously, this is far from the best use of 12 drives. Let’s do something a little more practical and configure the pool with the ZFS equivalent of RAID-10. We’ll configure six 2-way mirror vdevs. ZFS will stripe the data across all 6 of the vdevs. We can use the work we did in the striped vdev section to determine how the pool as a whole will behave. Let’s first calculate the performance per vdev, then we can work on the full pool: 1x 2-way mirror: Read IOPS: 500 Write IOPS: 250 Streaming read speed: 200 MB/s Streaming write speed: 100 MB/s Storage space efficiency: 50% (6 TB) Fault tolerance: 1 Now we can pretend we have 6 drives with the performance statistics listed above and run them through our striped vdev performance calculator to get the total pool’s performance: 6x 2-way mirror: Read IOPS: 3000 Write IOPS: 1500 Streaming read speed: 3000 MB/s Streaming write speed: 1500 MB/s Storage space efficiency: 50% (36 TB) Fault tolerance: 1 per vdev, 6 total Again, we will examine the configuration from a visual perspective: Each vdev gets a block of data and ZFS writes that data to all of (or in this case, both of) the disks in the mirror. As long as we have at least one functional disk in each vdev, we can retrieve our rainbow. As before, the chain link icons denote the disks are part of a single vdev. This configuration emphasizes performance over raw capacity but doesn’t totally disregard fault tolerance as our striped pool did. It’s a very popular configuration for systems that need a lot of fast I/O. Let’s look at one more example configuration using four 3-way mirrors. We’ll skip the individual vdev performance calculation and go straight to the full pool: 4x 3-way mirror: Read IOPS: 3000 Write IOPS: 1000 Streaming read speed: 3000 MB/s Streaming write speed: 400 MB/s Storage space efficiency: 33% (24 TB) Fault tolerance: 2 per vdev, 8 total While we have sacrificed some write performance and capacity, the pool is now extremely fault tolerant. This configuration is probably not practical for most applications and it would make more sense to use lower fault tolerance and set up an offsite backup system. Striped and mirrored vdevs are fantastic for access speed performance, but they either leave you with no redundancy whatsoever or impose at least a 50% penalty on the total usable space of your pool. In the next post, we will cover RAIDZ, which lets you keep data redundancy without sacrificing as much storage space efficiency. We’ll also look at some example workload scenarios and decide which layout would be the best fit for each. ###2FA with ssh on OpenBSD Five years ago I wrote about using a yubikey on OpenBSD. The only problem with doing this is that there’s no validation server available on OpenBSD, so you need to use a different OTP slot for each machine. (You don’t want to risk a replay attack if someone succeeds in capturing an OTP on one machine, right?) Yubikey has two OTP slots per device, so you would need a yubikey for every two machines with which you’d like to use it. You could use a bastion—and use only one yubikey—but I don’t like the SPOF aspect of a bastion. YMMV. After I played with TOTP, I wanted to use them as a 2FA for ssh. At the time of writing, we can’t do that using only the tools in base. This article focuses on OpenBSD; if you use another operating system, here are two handy links. SEED CONFIGURATION The first thing we need to do is to install the software which will be used to verify the OTPs we submit. # pkgadd loginoath We need to create a secret - aka, the seed - that will be used to calculate the Time-based One-Time Passwords. We should make sure no one can read or change it. $ openssl rand -hex 20 > ~/.totp-key $ chmod 400 ~/.totp-key Now we have a hexadecimal key, but apps usually want a base32 secret. I initially wrote a small script to do the conversion. While writing this article, I took the opportunity to improve it. When I initially wrote this utility for my use, python-qrcode hadn’t yet been imported to the OpenBSD ports/packages system. It’s easy to install now, so let’s use it. Here’s the improved version. It will ask for the hex key and output the secret as a base32-encoded string, both with and without spacing so you can copy-paste it into your password manager or easily retype it. It will then ask for the information needed to generate a QR code. Adding our new OTP secret to any mobile app using the QR code will be super easy! SYSTEM CONFIGURATION We can now move to the configuration of the system to put our new TOTP to use. As you might guess, it’s going to be quite close to what we did with the yubikey. We need to tweak login.conf. Be careful and keep a root shell open at all times. The few times I broke my OpenBSD were because I messed with login.conf without showing enough care. SSHD CONFIGURATION Again, keeping a root shell around decreases the risk of losing access to the system and being locked outside. A good standard is to use PasswordAuthentication no and to use public key only. Except… have a guess what the P stands for in TOTP. Yes, congrats, you guessed it! We need to switch to PasswordAuthentication yes. However, if we made this change alone, sshd would then accept a public key OR a password (which are TOTP because of our login.conf). 2FA uses both at the same time. To inform sshd we intend to use both, we need to set AuthenticationMethods publickey,password. This way, the user trying to login will first need to perform the traditional publickey authentication. Once that’s done, ssh will prompt for a password and the user will need to submit a valid TOTP for the system. We could do this the other way around, but I think bots could try passwords, wasting resources. Evaluated in this order, failing to provide a public key leads to sshd immediately declining your attempt. IMPROVING SECURITY WITHOUT IMPACTING UX My phone has a long enough password that most of the time, I fail to type it correctly on the first try. Of course, if I had to unlock my phone, launch my TOTP app and use my keyboard to enter what I see on my phone’s screen, I would quickly disable 2FA. To find a balance, I have whitelisted certain IP addresses and users. If I connect from a particular IP address or as a specific user, I don’t want to go through 2FA. For some users, I might not even enable 2FA. To sum up, we covered how to create a seed, how to perform a hexadecimal to base32 conversion and how to create a QR code for mobile applications. We configured the login system with login.conf so that ssh authentication uses the TOTP login system, and we told sshd to ask for both the public key and the Time-based One-Time Password. Now you should be all set to use two-factor ssh authentication on OpenBSD! ##News Roundup How ZFS maintains file type information in directories As an aside in yesterday’s history of file type information being available in Unix directories, I mentioned that it was possible for a filesystem to support this even though its Unix didn’t. By supporting it, I mean that the filesystem maintains this information in its on disk format for directories, even though the rest of the kernel will never ask for it. This is what ZFS does. The easiest way to see that ZFS does this is to use zdb to dump a directory. I’m going to do this on an OmniOS machine, to make it more convincing, and it turns out that this has some interesting results. Since this is OmniOS, we don’t have the convenience of just naming a directory in zdb, so let’s find the root directory of a filesystem, starting from dnode 1 (as seen before). # zdb -dddd fs3-corestaff-01/h/281 1 Dataset [....] [...] microzap: 512 bytes, 4 entries [...] ROOT = 3 # zdb -dddd fs3-corestaff-01/h/281 3 Object lvl iblk dblk dsize lsize %full type 3 1 16K 1K 8K 1K 100.00 ZFS directory [...] microzap: 1024 bytes, 8 entries RESTORED = 4396504 (type: Directory) ckstst = 12017 (type: not specified) ckstst3 = 25069 (type: Directory) .demo-file = 5832188 (type: Regular File) .peergroup = 12590 (type: not specified) cks = 5 (type: not specified) cksimap1 = 5247832 (type: Directory) .diskuse = 12016 (type: not specified) ckstst2 = 12535 (type: not specified) This is actually an old filesystem (it dates from Solaris 10 and has been transferred around with ‘zfs send | zfs recv’ since then), but various home directories for real and test users have been created in it over time (you can probably guess which one is the oldest one). Sufficiently old directories and files have no file type information, but more recent ones have this information, including .demo-file, which I made just now so this would have an entry that was a regular file with type information. Once I dug into it, this turned out to be a change introduced (or activated) in ZFS filesystem version 2, which is described in ‘zfs upgrade -v’ as ‘enhanced directory entries’. As an actual change in (Open)Solaris, it dates from mid 2007, although I’m not sure what Solaris release it made it into. The upshot is that if you made your ZFS filesystem any time in the last decade, you’ll have this file type information in your directories. How ZFS stores this file type information is interesting and clever, especially when it comes to backwards compatibility. I’ll start by quoting the comment from zfs_znode.h: /* * The directory entry has the type (currently unused on * Solaris) in the top 4 bits, and the object number in * the low 48 bits. The "middle" 12 bits are unused. */ In yesterday’s entry I said that Unix directory entries need to store at least the filename and the inode number of the file. What ZFS is doing here is reusing the 64 bit field used for the ‘inode’ (the ZFS dnode number) to also store the file type, because it knows that object numbers have only a limited range. This also makes old directory entries compatible, by making type 0 (all 4 bits 0) mean ‘not specified’. Since old directory entries only stored the object number and the object number is 48 bits or less, the higher bits are guaranteed to be all zero. The reason this needed a new ZFS filesystem version is now clear. If you tried to read directory entries with file type information on a version of ZFS that didn’t know about them, the old version would likely see crazy (and non-existent) object numbers and nothing would work. In order to even read a ‘file type in directory entries’ filesystem, you need to know to only look at the low 48 bits of the object number field in directory entries. ###Everything old is new again Just because KDE4-era software has been deprecated by the KDE-FreeBSD team in the official ports-repository, doesn’t mean we don’t care for it while we still need to. KDE4 was released on January 11th, 2008 — I still have the T-shirt — which was a very different C++ world than what we now live in. Much of the code pre-dates the availability of C11 — certainly the availability of compilers with C11 support. The language has changed a great deal in those ten years since the original release. The platforms we run KDE code on have, too — FreeBSD 12 is a long way from the FreeBSD 6 or 7 that were current at release (although at the time, I was more into OpenSolaris). In particular, since then the FreeBSD world has switched over to Clang, and FreeBSD current is experimenting with Clang 7. So we’re seeing KDE4-era code being built, and running, on FreeBSD 12 with Clang 7. That’s a platform with a very different idea of what constitutes correct code, than what the code was originally written for. (Not quite as big a difference as Helio’s KDE1 efforts, though) So, while we’re counting down to removing KDE4 from the FreeBSD ports tree, we’re also going through and fixing it to work with Clang 7, which defaults to a newer C++ standard and which is quite picky about some things. Some time in the distant past, when pointers were integers and NULL was zero, there was some confusion about booleans. So there’s lots of code that does list.contains(element) > 0 … this must have been a trick before booleans were a supported type in all our compilers. In any case it breaks with Clang 7, since contains() returns a QBool which converts to a nullptr (when false) which isn’t comparable to the integer 0. Suffice to say I’ve spent more time reading KDE4-era code this month, than in the past two years. However, work is proceeding apace, so if you really really want to, you can still get your old-school kicks on a new platform. Because we care about packaging things right, even when we want to get rid of it. ###OpenBSD netcat demystified Owing to its versatile functionalities, netcat earns the reputation as “TCP/IP Swiss army knife”. For example, you can create a simple chat app using netcat: (1) Open a terminal and input following command: # nc -l 3003 This means a netcat process will listen on 3003 port in this machine (the IP address of current machine is 192.168.35.176). (2) Connect aforemontioned netcat process in another machine, and send a greeting: # nc 192.168.35.176 3003 hello Then in the first machine’s terminal, you will see the “hello” text: # nc -l 3003 hello A primitive chatroom is built successfully. Very cool! Isn’t it? I think many people can’t wait to explore more features of netcatnow. If you are among them, congratulations! This tutorial may be the correct place for you. In the following parts, I will delve into OpenBSD’s netcatcode to give a detailed anatomy of it. The reason of picking OpenBSD’s netcat rather than others’ is because its code repository is small (~2000 lines of code) and neat. Furthermore, I also hope this little book can assist you learn more socket programming knowledge not just grasping usage of netcat. We’re all set. Let’s go! ##Beastie Bits What’s in store for NetBSD 9.0 NetBSD machines at Open Source Conference 2018 Hiroshima nmctl adapted with limited privileges: nmctl-0.6.0 Submit Your Work: Check out SCALE 17x and FOSDEM ’19 CFPs OpenBSD 6.4 site is up! (with a partial list of new features) Using Alpine to Read Your Email on OpenBSD ##Feedback/Questions Morgan - Send/Receive to Manage Fragmentation? Ryan - ZFS and mmap Marcus - Linux Compat Ben - Multiple Pools Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

We have a long interview with fiction and non-fiction author Michael W. Lucas for you this week as well as questions from the audience. ##Headlines Interview - Michael W. Lucas - mwlucas@michaelwlucas.com / @mwlauthor BR: [Welcome Back] AJ: What have you been doing since last we talked to you [ed, ssh, and af3e] BR: Tell us more about AF3e AJ: How did the first Absolute FreeBSD come about? BR: Do you have anything special planned for MeetBSD? AJ: What are you working on now? [FM:Jails, Git sync Murder] BR: What are your plans for next year? AJ: How has SEMIBug been going? Auction at https://mwl.io Patreon Link: ##Feedback/Questions Paul - Recent bhyve related videos (daemon) Michael - freebsd-update question Sigflup - pkg file search Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Does infrastructure as code pave the way for repeatable, reliable, consistent and testable infrastructure? Join us as we found out. Kenneth, Kevin & Len are joined by Charlene Tshitoka from ThoughtWorks for a talk about infrastructure as code. Charlene has often gravitated towards the infrastructure of software projects, and after having worked on a distributed devops project she was propelled head first into thinking about infrastructure as code and how that can be leveraged to build more reliable infrastructure. "Infrastructure as code" is the combination of devops (automation, scaling, consistency) and software development best practices (versioning, modeling, testing, decoupling). Charlene shares from her broad experience of automating and controlling a diverse set of infrastructure with different teams and gives us a lot of good advice on how to think of infrastructure as code, and what the common pitfalls are the teams experience. This show is light on resources, and packed with fantastic insights and lessons! (Apologies for the varying audio quality, we experienced various technical difficulties whilst recording) Follow Charlene Tshitoka online: - https://twitter.com/charlymul Here are some resources mentioned during the show: * Domain Specific Languages (DSL) - https://en.wikipedia.org/wiki/Domain-specific_language * Chef - https://www.chef.io/ * Introduction to Chef Audit Mode - http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/ * Chef audit mode docs - https://docs.chef.io/analytics.html#audit-mode * Chef Test Kitchen - https://docs.chef.io/kitchen.html * Learn Chef - https://learn.chef.io/ * Netcat - http://nc110.sourceforge.net/ * Ansible - https://www.ansible.com/ * Jenkins - https://jenkins.io/ * Jenkins Delivery Pipelines - https://wiki.jenkins-ci.org/display/JENKINS/Delivery+Pipeline+Plugin * Jenkins Job Builder - http://docs.openstack.org/infra/jenkins-job-builder/ * Continuous Delivery - https://en.wikipedia.org/wiki/Continuous_delivery * Packer - https://www.packer.io/ * Serverspec - http://serverspec.org/ * Snow flake servers - http://martinfowler.com/bliki/SnowflakeServer.html * Vagrant - https://www.vagrantup.com/ * Blue-green deployments - http://martinfowler.com/bliki/BlueGreenDeployment.html * Docker - https://www.docker.com/ * Puppet - https://puppet.com/product/open-source-projects * GO.CD - https://www.go.cd/ * Bamboo - https://www.atlassian.com/software/bamboo And finally our picks Kevin: * Unit testing - http://martinfowler.com/bliki/UnitTest.html * Test first - http://www.extremeprogramming.org/rules/testfirst.html Kenneth: * AfrikaBurn - http://www.afrikaburn.com/ Charlene: "Look at your infrastructure as code and give it the same tender love & care as your normal production code." Thanks for listening! Stay in touch: * Socialize - https://twitter.com/zadevchat & http://facebook.com/ZADevChat/ * Suggestions and feedback - https://github.com/zadevchat/ping * Subscribe and rate in iTunes - http://bit.ly/zadevchat-itunes

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Balazs/DEFCON-22-Zoltan-Balazs-Bypass-firewalls-application-whitelists-in-20-seconds-UPDATED.pdf Bypass firewalls, application white lists, secure remote desktops under 20 seconds Zoltán Balázs CHIEF TECHNOLOGY OFFICER AT MRG EFFITAS In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation. I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic meaning that they work against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included! Zoltan (@zh4ck) is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing. Before MRG Effitas, he worked for 5 years in the financial industry as an IT Security expert, and for 2 years as a senior IT security consultant at one of the Big Four companies. His main expertise areas are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie browser tool, consisting of POC malicious browser extensions for Firefox, Chrome and Safari. He has been invited to present at information security conferences worldwide including Hacker Halted USA, OHM, Hacktivity, Ethical Hacking, Defcamp. He is a proud member of the gula.sh team, 2nd runner up at global Cyberlympics 2012 hacking competition.

Use this link and code JAVAJAB to get 20% off your registration for FluentConf 2013! Panel AJ O’Neal (twitter github blog) Merrick Christensen (twitter github) Joe Eames (twitter github blog) Jamison Dance (twitter github blog) Discussion 00:57 - What does it mean to be a “web developer” “T-shaped skills” 11:01 - Minumum level entry skills you need to become a web developer HTML CSS JSHint Jade less.js jquery 19:39 - CSS Jade 24:24 - Mid-Senior level skills you need to become a web developer Networking HTTP Wireshark Build systems node.js NoSQL Netcat MVC frameworks Preprocessers REST Picks Prime Workers (AJ) Adobe Illustrator (AJ) Vagrant (Merrick) Puppet (Merrick) Mountain West Ruby Conference (Jamison) TXJS (Jamison) Breeze.js (Joe) edge.js (Joe) 'Arrested Development' Comes Back On Netflix On May 26, So Get Extra Sleep Now: Linda Holmes (Joe) Intro to Networking with Netcat and NodeJS (AJ) Intro to HTTP with Netcat, Node, Connect (AJ) Next Week Marionette.js with Derick Bailey Transcript [Hosting and bandwidth provided by the Blue Box Group. Check them out at Bluebox.net.] [This episode is sponsored by Component One, makers of Wijmo. If you need stunning UI elements or awesome graphs and charts, then go to Wijmo.com and check them out.] JAMISON:  Hey guys and welcome to JavaScript Jabber. I’m your guest host today, Jamison Dance. Chuck is at Mount West Ruby Conference today and we have a bunch of panelists today. The first one is AJ O’Neal. AJ:  Yo! Yo! Yo! Coming at you as live as I can from Provo, Utah. JAMISON:  We’ve got Merrick Christensen. MERRICK:  What’s up? JAMISON:  And we’ve got Joe Eames. JOE:  Hey, how’s it going? JAMISON:  Today, we’re talking about just general web development skill sets, like what do you need to know to be a web developer? We should probably start off and define what a web developer is first because I think that it’s a really overloaded term. What do you guys think it means to be a ‘web developer’? I’m doing air quotes right now. JOE:  Merrick and I have had some conversations about this and it’s like I feel like his opinion of what a web developer is, is slightly different than mine. And maybe I’m coming more in line with what his definition is. So, I want to hear his first. MERRICK:  My definition? JOE:  Yeah, go. MERRICK:  So, one of the things that I see a lot of people saying as a web developer is people who come from traditional software engineering backgrounds and they come thinking that they can avoid HTML and CSS altogether. I think that’s a really dangerous approach because then you end up moving too much into JavaScript. And then, you have the opposite problem where people just don’t understand programming well and they end up with sort of jQuery spaghetti code. Which I think is okay for a lot of the brochure style sites, a lot of the maybe WordPress or content driven sites you can get by with just being really solid at HTML/CSS and then below average with JavaScript. But I think if you want to be a web application developer, you’re going to have to be solid on all three of those technologies, CSS, HTML, JavaScript and depending on the app that may include CSS preprocessors et cetera. JOE:  You said web application developer, right? MERRICK:  Yeah. I think there’s a difference. JOE:  Yeah, okay. For mine, one of the things that I feel like is I’m weak with CSS, right? And so, I kind of have this disdain about people that are like, “Oh, you don’t know CSS, huh? Well, that’s a problem.” And I want to say, “Well, yeah I’m not great with CSS.” I can tread water. But I can’t take a screen shot that some designer puts together in Illustrator and then turn it into a web page and feel like I’m doing it right. I always want to turn to an expert and say, “Hey, what do you think of this layout?

Use this link and code JAVAJAB to get 20% off your registration for FluentConf 2013! Panel AJ O’Neal (twitter github blog) Merrick Christensen (twitter github) Joe Eames (twitter github blog) Jamison Dance (twitter github blog) Discussion 00:57 - What does it mean to be a “web developer” “T-shaped skills” 11:01 - Minumum level entry skills you need to become a web developer HTML CSS JSHint Jade less.js jquery 19:39 - CSS Jade 24:24 - Mid-Senior level skills you need to become a web developer Networking HTTP Wireshark Build systems node.js NoSQL Netcat MVC frameworks Preprocessers REST Picks Prime Workers (AJ) Adobe Illustrator (AJ) Vagrant (Merrick) Puppet (Merrick) Mountain West Ruby Conference (Jamison) TXJS (Jamison) Breeze.js (Joe) edge.js (Joe) 'Arrested Development' Comes Back On Netflix On May 26, So Get Extra Sleep Now: Linda Holmes (Joe) Intro to Networking with Netcat and NodeJS (AJ) Intro to HTTP with Netcat, Node, Connect (AJ) Next Week Marionette.js with Derick Bailey Transcript [Hosting and bandwidth provided by the Blue Box Group. Check them out at Bluebox.net.] [This episode is sponsored by Component One, makers of Wijmo. If you need stunning UI elements or awesome graphs and charts, then go to Wijmo.com and check them out.] JAMISON:  Hey guys and welcome to JavaScript Jabber. I’m your guest host today, Jamison Dance. Chuck is at Mount West Ruby Conference today and we have a bunch of panelists today. The first one is AJ O’Neal. AJ:  Yo! Yo! Yo! Coming at you as live as I can from Provo, Utah. JAMISON:  We’ve got Merrick Christensen. MERRICK:  What’s up? JAMISON:  And we’ve got Joe Eames. JOE:  Hey, how’s it going? JAMISON:  Today, we’re talking about just general web development skill sets, like what do you need to know to be a web developer? We should probably start off and define what a web developer is first because I think that it’s a really overloaded term. What do you guys think it means to be a ‘web developer’? I’m doing air quotes right now. JOE:  Merrick and I have had some conversations about this and it’s like I feel like his opinion of what a web developer is, is slightly different than mine. And maybe I’m coming more in line with what his definition is. So, I want to hear his first. MERRICK:  My definition? JOE:  Yeah, go. MERRICK:  So, one of the things that I see a lot of people saying as a web developer is people who come from traditional software engineering backgrounds and they come thinking that they can avoid HTML and CSS altogether. I think that’s a really dangerous approach because then you end up moving too much into JavaScript. And then, you have the opposite problem where people just don’t understand programming well and they end up with sort of jQuery spaghetti code. Which I think is okay for a lot of the brochure style sites, a lot of the maybe WordPress or content driven sites you can get by with just being really solid at HTML/CSS and then below average with JavaScript. But I think if you want to be a web application developer, you’re going to have to be solid on all three of those technologies, CSS, HTML, JavaScript and depending on the app that may include CSS preprocessors et cetera. JOE:  You said web application developer, right? MERRICK:  Yeah. I think there’s a difference. JOE:  Yeah, okay. For mine, one of the things that I feel like is I’m weak with CSS, right? And so, I kind of have this disdain about people that are like, “Oh, you don’t know CSS, huh? Well, that’s a problem.” And I want to say, “Well, yeah I’m not great with CSS.” I can tread water. But I can’t take a screen shot that some designer puts together in Illustrator and then turn it into a web page and feel like I’m doing it right. I always want to turn to an expert and say, “Hey, what do you think of this layout?

Use this link and code JAVAJAB to get 20% off your registration for FluentConf 2013! Panel AJ O’Neal (twitter github blog) Merrick Christensen (twitter github) Joe Eames (twitter github blog) Jamison Dance (twitter github blog) Discussion 00:57 - What does it mean to be a “web developer” “T-shaped skills” 11:01 - Minumum level entry skills you need to become a web developer HTML CSS JSHint Jade less.js jquery 19:39 - CSS Jade 24:24 - Mid-Senior level skills you need to become a web developer Networking HTTP Wireshark Build systems node.js NoSQL Netcat MVC frameworks Preprocessers REST Picks Prime Workers (AJ) Adobe Illustrator (AJ) Vagrant (Merrick) Puppet (Merrick) Mountain West Ruby Conference (Jamison) TXJS (Jamison) Breeze.js (Joe) edge.js (Joe) 'Arrested Development' Comes Back On Netflix On May 26, So Get Extra Sleep Now: Linda Holmes (Joe) Intro to Networking with Netcat and NodeJS (AJ) Intro to HTTP with Netcat, Node, Connect (AJ) Next Week Marionette.js with Derick Bailey Transcript [Hosting and bandwidth provided by the Blue Box Group. Check them out at Bluebox.net.] [This episode is sponsored by Component One, makers of Wijmo. If you need stunning UI elements or awesome graphs and charts, then go to Wijmo.com and check them out.] JAMISON:  Hey guys and welcome to JavaScript Jabber. I’m your guest host today, Jamison Dance. Chuck is at Mount West Ruby Conference today and we have a bunch of panelists today. The first one is AJ O’Neal. AJ:  Yo! Yo! Yo! Coming at you as live as I can from Provo, Utah. JAMISON:  We’ve got Merrick Christensen. MERRICK:  What’s up? JAMISON:  And we’ve got Joe Eames. JOE:  Hey, how’s it going? JAMISON:  Today, we’re talking about just general web development skill sets, like what do you need to know to be a web developer? We should probably start off and define what a web developer is first because I think that it’s a really overloaded term. What do you guys think it means to be a ‘web developer’? I’m doing air quotes right now. JOE:  Merrick and I have had some conversations about this and it’s like I feel like his opinion of what a web developer is, is slightly different than mine. And maybe I’m coming more in line with what his definition is. So, I want to hear his first. MERRICK:  My definition? JOE:  Yeah, go. MERRICK:  So, one of the things that I see a lot of people saying as a web developer is people who come from traditional software engineering backgrounds and they come thinking that they can avoid HTML and CSS altogether. I think that’s a really dangerous approach because then you end up moving too much into JavaScript. And then, you have the opposite problem where people just don’t understand programming well and they end up with sort of jQuery spaghetti code. Which I think is okay for a lot of the brochure style sites, a lot of the maybe WordPress or content driven sites you can get by with just being really solid at HTML/CSS and then below average with JavaScript. But I think if you want to be a web application developer, you’re going to have to be solid on all three of those technologies, CSS, HTML, JavaScript and depending on the app that may include CSS preprocessors et cetera. JOE:  You said web application developer, right? MERRICK:  Yeah. I think there’s a difference. JOE:  Yeah, okay. For mine, one of the things that I feel like is I’m weak with CSS, right? And so, I kind of have this disdain about people that are like, “Oh, you don’t know CSS, huh? Well, that’s a problem.” And I want to say, “Well, yeah I’m not great with CSS.” I can tread water. But I can’t take a screen shot that some designer puts together in Illustrator and then turn it into a web page and feel like I’m doing it right. I always want to turn to an expert and say, “Hey, what do you think of this layout?