Media is too big
VIEW IN TELEGRAM
Know Thy Enemy: The Taxonomies That Meta Uses to Map the Offensive Privacy Space
This talk introduces and examines privacy-inclusive taxonomies Meta has developed and uses to track privacy weaknesses, enumerate privacy adversarial TTPs, deconflict privacy and security efforts, and scale detection and remediation efforts. Taxonomies, such as #MITRE's #CVE, #CAPEC, and #ATT&CK® #frameworks, have long been used to track and understand cybersecurity weaknesses and the tactics of cyber adversaries. These taxonomies help #organizations stay abreast of trends, guide software development best practices, and pinpoint the most effective remediation and detection strategies to common #cybersecurity issues. As the field of offensive privacy matures, organizations require similar taxonomies to understand #privacy threats and align efforts across #security and privacy teams....
By: Zach Miller , David Renardy
Full Abstract and Presentation Materials
This talk introduces and examines privacy-inclusive taxonomies Meta has developed and uses to track privacy weaknesses, enumerate privacy adversarial TTPs, deconflict privacy and security efforts, and scale detection and remediation efforts. Taxonomies, such as #MITRE's #CVE, #CAPEC, and #ATT&CK® #frameworks, have long been used to track and understand cybersecurity weaknesses and the tactics of cyber adversaries. These taxonomies help #organizations stay abreast of trends, guide software development best practices, and pinpoint the most effective remediation and detection strategies to common #cybersecurity issues. As the field of offensive privacy matures, organizations require similar taxonomies to understand #privacy threats and align efforts across #security and privacy teams....
By: Zach Miller , David Renardy
Full Abstract and Presentation Materials
Forwarded from Pegasus NSO & other spyware
Bypassing the “run-as” debuggability check on Android via newline injection | Meta Red Team X –
#Infosec #Vulnerabilities #CVE #Android #ADB
An attacker with ADB access to an Android device can trick the “run-as” tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system—including many privileged apps, but not ones that run as the system user. Furthermore, they can achieve persistent code execution as Google Mobile Services (GMS) or as apps that use its SDKs by altering executable code that GMS caches in its data directory.
Google assigned the issue CVE-2024-0044 and fixed it in the March 2024 Android Security Bulletin, which becomes public today. Most device manufacturers received an advance copy of the Bulletin a month ago and have already prepared updates that include its fixes.#Infosec #Vulnerabilities #CVE #Android #ADB
cKure
■■■■■ Zero-Day: CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution. https://securityonline.info/cve-2024-11477-7-zip-vulnerability-allows-remote-code-execution-update-now/
YouTube
i dove down the 7z rabbit hole (it goes deep)
The rabbit hole I went down to make this video was amazing. I learned a ton about the 7z code base, software fuzzing, and maybe even myself.
Go checkout docker scout~ https://dockr.ly/4g4UdDJ
🏫 COURSES 🏫 Learn to code in C at https://lowlevel.academy
🔥…
Go checkout docker scout~ https://dockr.ly/4g4UdDJ
🏫 COURSES 🏫 Learn to code in C at https://lowlevel.academy
🔥…
Forwarded from 0•Bytes•1
Welcome to my Alice tea party! 🫖🎀
I decided to write a series of short posts about secure operating systems 🖥🐧
Today, we'll take a look at Whonix and find out if it's as good and anonymous as people say.Spoiler alert: no, it's not.
Let me clarify right away: Whonix is not a full-fledged operating system, but a tool for anonymity that can work independently or as a router in Qubes OS. In this article, I will focus on analyzing how it works as a standalone system
How does Whonix work?🧩
Whonix is built on two virtual machines: Whonix-Gateway and Whonix-Workstation. Gateway configures and routes all your traffic through the Tor network. Workstation is your workplace. If you want to dig deeper, check out their documentation.
Problems with Whonix 🔓
Now to the point: why Whonix isn't really necessary. Let's start with Gateway. It's just Debian with Tor pre-installed and a bunch of scripts that redirect traffic through Tor. Everything is tied to the configuration in the settings file and iptables rules. Cool? Not really. Plus, Whonix drags along old Debian, where packages are updated once in a blue moon.
Whonix positions itself as super protection against leaks, but if you don't understand what you're doing, no virtual machine will save you. For example, if you run a browser with JavaScript or download files and then open them outside of Workstation, your anonymity is gone.
By the way, Whonix can only be run without problems on VirtualBox. You may argue that there are versions for KVM/QEMU on their website. But that's where the problems begin. If you take Whonix for KVM, you won't be able to install it just like that — you need to edit the configuration, and there are no detailed instructions on how to do this anywhere. With VirtualBox, however, there are no such problems — everything works out of the box.
But what's wrong with VirtualBox?🪤
Besides the fact that it is significantly slower than KVM. In March 2025, a vulnerability CVE-2025-30712 with a rating of 8.1 appeared in Virtualbox. It allows an attacker with access to the host system to perform a VM escape, i.e., to get out of the virtual machine onto your main computer🫠. Proof-of-concept is already circulating on the network, and exploitation is easier than it seems. If the host is compromised, all your anonymity goes down the drain, and your real IP or other data may leak.
How to make an analogue of Whunix Gateway? ⚙️
But there is another way. The Gateway model itself is not bad. But you can create a machine with it yourself without Whunix, using a minimalist Linux (such as Gentoo or even FreeBSD instead of Linux). Then configure Tor directly. After all, Gateway is just a wrapper around the standard Tor and iptables settings, which can be found on Google in five minutes. Now add the iptables you found and DNSPort to the Tor config so that DNS requests also go through Tor, and that's it. This takes up less space and reduces the attack surface.
Conclusion
To be fair, Whonix isn't always bad. But it can be useful in conjunction with Qubes OS (where it runs in KVM, by the way), which has additional security mechanisms, such as domain isolation, that enhance security. But apart from Qubes, Whonix is pretty pointless. You might think it's suitable for those who don't want to bother with configuring Tor, but that's not the case. To run Whonix on a decent VM, such as KVM, you'll have to go through just as much trouble.
The bottom line is simple: Whonix is not a super-anonymous OS, but a tool that complicates life more than it protects it💊
I hope you found this useful.❤️✨ If you wish, you can explore the topic yourself by reading research and testing the system.
Here are some good articles about Whonix:
THESIS.pdf — here is an overview of anonymous operating systems, including Whonix.
Whonix and Tor Limitations — about the shortcomings of Whonix and Tor.
JOSH Article — analysis of Whonix limitations.
#anonymity #linux #whunix #cve #anonymity_os #tor #security
I decided to write a series of short posts about secure operating systems 🖥
Today, we'll take a look at Whonix and find out if it's as good and anonymous as people say.
Let me clarify right away: Whonix is not a full-fledged operating system, but a tool for anonymity that can work independently or as a router in Qubes OS. In this article, I will focus on analyzing how it works as a standalone system
How does Whonix work?🧩
Whonix is built on two virtual machines: Whonix-Gateway and Whonix-Workstation. Gateway configures and routes all your traffic through the Tor network. Workstation is your workplace. If you want to dig deeper, check out their documentation.
Problems with Whonix 🔓
Now to the point: why Whonix isn't really necessary. Let's start with Gateway. It's just Debian with Tor pre-installed and a bunch of scripts that redirect traffic through Tor. Everything is tied to the configuration in the settings file and iptables rules. Cool? Not really. Plus, Whonix drags along old Debian, where packages are updated once in a blue moon.
Whonix positions itself as super protection against leaks, but if you don't understand what you're doing, no virtual machine will save you. For example, if you run a browser with JavaScript or download files and then open them outside of Workstation, your anonymity is gone.
By the way, Whonix can only be run without problems on VirtualBox. You may argue that there are versions for KVM/QEMU on their website. But that's where the problems begin. If you take Whonix for KVM, you won't be able to install it just like that — you need to edit the configuration, and there are no detailed instructions on how to do this anywhere. With VirtualBox, however, there are no such problems — everything works out of the box.
But what's wrong with VirtualBox?🪤
Besides the fact that it is significantly slower than KVM. In March 2025, a vulnerability CVE-2025-30712 with a rating of 8.1 appeared in Virtualbox. It allows an attacker with access to the host system to perform a VM escape, i.e., to get out of the virtual machine onto your main computer🫠. Proof-of-concept is already circulating on the network, and exploitation is easier than it seems. If the host is compromised, all your anonymity goes down the drain, and your real IP or other data may leak.
How to make an analogue of Whunix Gateway? ⚙️
But there is another way. The Gateway model itself is not bad. But you can create a machine with it yourself without Whunix, using a minimalist Linux (such as Gentoo or even FreeBSD instead of Linux). Then configure Tor directly. After all, Gateway is just a wrapper around the standard Tor and iptables settings, which can be found on Google in five minutes. Now add the iptables you found and DNSPort to the Tor config so that DNS requests also go through Tor, and that's it. This takes up less space and reduces the attack surface.
Conclusion
To be fair, Whonix isn't always bad. But it can be useful in conjunction with Qubes OS (where it runs in KVM, by the way), which has additional security mechanisms, such as domain isolation, that enhance security. But apart from Qubes, Whonix is pretty pointless. You might think it's suitable for those who don't want to bother with configuring Tor, but that's not the case. To run Whonix on a decent VM, such as KVM, you'll have to go through just as much trouble.
The bottom line is simple: Whonix is not a super-anonymous OS, but a tool that complicates life more than it protects it
I hope you found this useful.❤️✨ If you wish, you can explore the topic yourself by reading research and testing the system.
Here are some good articles about Whonix:
THESIS.pdf — here is an overview of anonymous operating systems, including Whonix.
Whonix and Tor Limitations — about the shortcomings of Whonix and Tor.
JOSH Article — analysis of Whonix limitations.
#anonymity #linux #whunix #cve #anonymity_os #tor #security
Please open Telegram to view this post
VIEW IN TELEGRAM
Whonix
Whonix Documentation
A Crash Course in Anonymity and Security on the Internet.