MemGuard – Secure Software Enclave For Storage Of Sensitive Information In Memory

Secure software enclave for storage of sensitive information in memory.

This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go.

Features

- Sensitive data is encrypted and authenticated in memory using XSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
- Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
- Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
- Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
- Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
- Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
- Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
- Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.

Some features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.

Installation

    $ go get github.com/awnumar/memguard

We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.

Contributing

- Using the package and identifying points of friction.
- Reading the source code and looking for improvements.
- Adding interesting and useful program samples to ./examples.
- Developing Proof-of-Concept attacks and mitigations.
- Improving compatibility with more kernels and architectures.
- Implementing kernel-specific and cpu-specific protections.
- Writing useful security and crypto libraries that utilise memguard.
- Submitting performance improvements or benchmarking code.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.

Future goals

- Ability to stream data to and from encrypted enclave objects.
- Catch segmentation faults to wipe memory before crashing.
- Evaluate and improve the strategies in place, particularly for Coffer objects.
- Formalise a threat model and evaluate our performance in regards to it.
- Use lessons learned to apply patches upstream to the Go language and runtime.
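
The guard-page, canary, memory-locking and constant-time points in MemGuard's feature list can be sketched with the Go standard library alone. This is an added example, not code from memguard or from the original page: the guarded type and the newGuarded and destroy functions are hypothetical names, the secret is a constructed value, and a Unix-like system with anonymous mmap is assumed.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"syscall"
)

// guarded is a sketch type, not memguard's API: [guard page][pad|canary|Data][guard page]
type guarded struct{ region, canary, Data []byte }

func newGuarded(size int) (*guarded, error) {
	ps, canary := syscall.Getpagesize(), make([]byte, 16)
	if _, err := rand.Read(canary); err != nil || size < 1 || size > ps-len(canary) {
		return nil, fmt.Errorf("size %d out of range or no entropy (%v)", size, err)
	}
	r, err := syscall.Mmap(-1, 0, 3*ps, syscall.PROT_READ|syscall.PROT_WRITE,
		syscall.MAP_PRIVATE|syscall.MAP_ANON) // from the kernel, outside the Go heap and GC
	if err != nil {
		return nil, err
	}
	if syscall.Mprotect(r[:ps], syscall.PROT_NONE) != nil ||
		syscall.Mprotect(r[2*ps:], syscall.PROT_NONE) != nil { // guard pages fault on access
		syscall.Munmap(r)
		return nil, fmt.Errorf("mprotect failed")
	}
	_ = syscall.Mlock(r[ps : 2*ps])         // best effort: keep the plaintext page out of swap
	copy(r[2*ps-size-len(canary):], canary) // canary sits directly before Data
	return &guarded{r, canary, r[2*ps-size : 2*ps : 2*ps]}, nil
}

// destroy checks the canary in constant time, wipes and unmaps; false means it was overwritten.
func (g *guarded) destroy() bool {
	off := len(g.region)/3*2 - len(g.Data) - len(g.canary)
	ok := subtle.ConstantTimeCompare(g.region[off:off+len(g.canary)], g.canary) == 1
	copy(g.Data, make([]byte, len(g.Data))) // zero the plaintext before releasing it
	syscall.Munmap(g.region)
	g.region, g.Data = nil, nil
	return ok
}

func main() {
	g, err := newGuarded(32)
	if err != nil {
		panic(err)
	}
	copy(g.Data, "constructed sample secret value!") // constructed input
	fmt.Println("canary intact:", g.destroy())
}
```

Data is placed flush against the rear guard page, so a write past its end faults immediately, while the canary in front of it catches writes that run backwards out of the buffer.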

Link: http://www.kitploit.com/2019/08/memguard-secure-software-enclave-for.html

Parrot Security 4.7 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind.

It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while surfing the net.

Documentation

- User Guide: Getting Started, Using Parrot, Troubleshooting
- Infrastructure Zone: CDN Speedtest, Parrot's Network Map
- Developer zone: Developer Portal, Developer Documentation
- Side projects: Aenigma Federated XMPP Server, LibreFiber

Link: http://feedproxy.google.com/~r/PentestTools/~3/Wi8FqE6jjoM/parrot-security-47-security-gnulinux.html

Cryptr – A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL

A simple shell utility for encrypting and decrypting files using OpenSSL.

Installation

    git clone https://github.com/nodesocket/cryptr.git
    ln -s "$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptr

Bash tab completion

Add tools/cryptr-bash-completion.bash to your tab completion file directory.

API/Commands

encrypt

encrypt <file> – Encrypts a file with OpenSSL AES-256 cipher block chaining. Writes an encrypted file out (ciphertext), appending the .aes extension.

    ➜ cryptr encrypt ./secret-file
    enter aes-256-cbc encryption password:
    Verifying - enter aes-256-cbc encryption password:

    ➜ ls -alh
    -rw-r--r-- 1 user group 1.0G Oct 1 13:33 secret-file
    -rw-r--r-- 1 user group 1.0G Oct 1 13:34 secret-file.aes

You may optionally define the password to use when encrypting using the CRYPTR_PASSWORD environment variable. This enables non-interactive/batch operations.

    ➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr encrypt ./secret-file

decrypt

decrypt <file.aes> – Decrypts an encrypted file using OpenSSL AES-256 cipher block chaining. Writes a decrypted file out (plaintext), removing the .aes extension.

    ➜ ls -alh
    -rw-r--r-- 1 user group 1.0G Oct 1 13:34 secret-file.aes

    ➜ cryptr decrypt ./secret-file.aes
    enter aes-256-cbc decryption password:

    ➜ ls -alh
    -rw-r--r-- 1 user group 1.0G Oct 1 13:35 secret-file
    -rw-r--r-- 1 user group 1.0G Oct 1 13:34 secret-file.aes

You may optionally define the password to use when decrypting using the CRYPTR_PASSWORD environment variable. This enables non-interactive/batch operations.

    ➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr decrypt ./secret-file.aes

help

help – Displays help

    ➜ cryptr help
    Usage: cryptr command <command-specific-options>
      encrypt <file>       Encrypt file
      decrypt <file.aes>   Decrypt encrypted file
      help                 Displays help
      version              Displays the current version

version

version – Displays the current version

    ➜ cryptr version
    cryptr 2.1.1

default

default – Displays the current version and help

    ➜ cryptr
    cryptr 2.1.1
    Usage: cryptr command <command-specific-options>
      encrypt <file>       Encrypt file
      decrypt <file.aes>   Decrypt encrypted file
      help                 Displays help
      version              Displays the current version

Changelog

https://github.com/nodesocket/cryptr/blob/master/CHANGELOG.md

Support, Bugs, And Feature Requests

Create issues here in GitHub (https://github.com/nodesocket/cryptr/issues).

Versioning

For transparency and insight into the release cycle, and for striving to maintain backward compatibility, cryptr will be maintained under the semantic versioning guidelines.

Releases will be numbered with the following format:

    <major>.<minor>.<patch>

And constructed with the following guidelines:

- Breaking backward compatibility bumps the major (and resets the minor and patch)
- New additions without breaking backward compatibility bump the minor (and reset the patch)
- Bug fixes and misc changes bump the patch

For more information on semantic versioning, visit http://semver.org/.

Link: http://feedproxy.google.com/~r/PentestTools/~3/NXXuaKDq9VY/cryptr-simple-shell-utility-for.html