hardenedvault Profile
hardenedvault

@hardenedvault

Followers
189
Following
20
Media
20
Statuses
139

Web3 infrastructure security of infrastructures. Below-OS, Trusted/confidential computing, Zero-knowledge proof, runtime protection, machine's privacy, etc

Joined July 2019
Don't wanna be here? Send us removal request.
@hardenedvault
hardenedvault
@hardenedvault
3 months
Github/M$ has disabled access to the legacy LKM rootkit Reptile repository used by Vault Range. We’re migrating the code repo to @codeberg_org Sorry for any inconvenience. Happy hacking!.
Tweet card summary image
codeberg.org
LKM rootkit for testing/educational purposes on Vault Range
0
2
5
@hardenedvault
hardenedvault
@hardenedvault
4 months
Our mitigation proposal about measurement of MRC cache against BadRAM has been merged in coreboot:
Tweet card summary image
github.com
MRC cache used to be measured as runtime data when it was resided in CBFS before commit 82aa8338c74 ("drivers/mrc_cache: Always generate an FMAP region"). This patch will restore ...
0
1
1
@hardenedvault
hardenedvault
@hardenedvault
4 months
Vaultboot is soon to be adapted for embedded devices featuring boot firmware that includes BSP blobs for BL2 and BL31. The latest version:
Tweet card summary image
github.com
* Add an option to measure kernel, modules, and cmdline into tpm * Make verification of boot config signature optional, with an exemplar target * Use openssl(1) to deal with password in tpm2_seal...
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
5 months
Self-protection.
Tweet media one
0
0
4
@hardenedvault
hardenedvault
@hardenedvault
6 months
HOWTO: build ATF (Trusted Firmware ARM) and OPTEE for RK3588 #atf #optee.
hardenedvault.net
HOWTO: build ATF (Trusted Firmware ARM) and OPTEE for RK3588 To better implement the protection of digital assets in embedded systems, we have chosen the RK3588 as the prototype platform.
0
3
5
@hardenedvault
hardenedvault
@hardenedvault
9 months
Our mitigation proposal for coreboot: measurement of MRC cache against SPD metadata tampering. #coreboot #spd #badram.
0
2
5
@hardenedvault
hardenedvault
@hardenedvault
10 months
OpenBMC Remote OS Deployment: A Simplified Approach
hardenedvault.net
OpenBMC Remote OS Deployment: A Simplified Approach Many BMC implementations can accept a disk image and present it as a read-only USB mass storage device inserted into the host machine, allowing the...
0
3
1
@hardenedvault
hardenedvault
@hardenedvault
10 months
SimpleX low-level protocol analysis.
hardenedvault.net
Background The SimpleX Chat Protocol is utilized by SimpleX Chat clients for message exchange.
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
11 months
#rfc6979 #dsa.
hardenedvault.net
Background The original implementation of DSA-type signature algorithms (including ECDSA) requires a random number that belongs to the same type of mathematical object as the private key (an element...
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
11 months
Tweet card summary image
github.com
Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution! - hardenedvault/vault_range_poc
0
0
1
@hardenedvault
hardenedvault
@hardenedvault
11 months
Tweet card summary image
github.com
Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution! - hardenedvault/vault_range_poc
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
11 months
We dropped off a new Vault-Range Image V with Reptile Linux rootkit:
hardenedvault.net
Disclaimer VED (Vault Exploit Defense) test image contains only the VED kernel module, and does not contain any security baselines, access control policies and situational hardening solution.
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
1 year
SLUBStick risk assessment for embedded systems.#slubstick #embedded #linux #mitigation.
hardenedvault.net
SLUBStick risk assessment for embedded systems The Linux kernel is susceptible to memory safety vulnerabilities due to its size and complexity.
0
1
0
@hardenedvault
hardenedvault
@hardenedvault
1 year
Unfortunately, VED can only sabotage the PoC with SLUBStick partially when it's targeting the specific data structure like msg_msg. #slubstick #kernel
Tweet media one
0
0
1
@hardenedvault
hardenedvault
@hardenedvault
1 year
Demystifying SFTP
hardenedvault.net
Introduction SFTP is an auxiliary protocol of SSH that allows file transfer between two hosts over the SSH protocol.
0
0
0
@hardenedvault
hardenedvault
@hardenedvault
1 year
hardenedvault.net
Hardened Linux Canonical released Ubuntu 24.04 LTS, bringing comprehensive upgrades to the free and open-source software components recently.
1
1
2
@hardenedvault
hardenedvault
@hardenedvault
1 year
Vault-Range Image IV with Reptile Linux rootkit has been uploaded.
hardenedvault.net
Disclaimer VED (Vault Exploit Defense) test image contains only the VED kernel module, and does not contain any security baselines, access control policies and situational hardening solution.
0
0
1
@hardenedvault
hardenedvault
@hardenedvault
1 year
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! #xz #liblzma #backdoor #mitigation.
hardenedvault.net
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! Story Background On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the...
0
1
2
@hardenedvault
hardenedvault
@hardenedvault
1 year
Supermicro x11ssh-F OpenBMC Porting (WIP) #openbmc.
hardenedvault.net
Supermicro x11ssh-F OpenBMC Porting (WIP) Introduction to BMC and OpenBMC BMC, short for Baseboard Management Controller, is a specialized microcontroller embedded in certain computers, typically...
0
1
2
@hardenedvault
hardenedvault
@hardenedvault
2 years
The VED-LTS for arm64 has recently added support for Linux kernel v6.2. This update is now available on the latest Ubuntu 22.04 LTS for AWS user.
0
1
1