I'm a big fan of Patrick Wardle's free mac utilities but I noticed something odd
about LuLu recently. It seems that it only filters egress traffic when LuLu.app
is running. Since it normally runs as the local user rather than root, this
makes it somewhat trivial for malware to defeat as it can simply kill the
process and then connect to whatever it wants.
For some time I've been using a hand-rolled solution for touchID over ssh which
I previously blogged about. Up until recently it's been a somewhat
loosely-compiled scattering of config that wasn't really in a releasable form
but with a pending security talk on the horizon I thought it would be worth
tidying it up and making it releasable so I could mention it in my talk.
Egress filtering is an immensely powerful security control but it's not so
straightforward to do it well. If any malware manages to execute on your system
one of the first things it's likely going to try to do is call home and
establish a C2 channel. With effective egress filtering you can break this link
in the attack chain and stop it dead in its tracks.
10 Feb 2022 05:48 | security
It's been a while since I've blogged so I thought I'd get back into it with some
security stuff. My dayjob has had a very heavy security focus for the last 3
years and it's infected my personal life too such that I'm now even more
obsessed with security than I was before.
I recently wrote a first draft of a Linux server hardening guide: