Running a web server on FreeBSD inside a jail Jun 27 2020

Creating a jailed web server is a fun exercise to learn about jails. If you are reading this post, you are probably already convinced of the benefits of running your services inside jails. A jailed service provides additional security by restricting the jailed environment's access to only its perceived root directory. We can run many services on the same host, and we can isolate each of them in its own jailed environment. Another useful trait of jails is dependency segregation. We can run different jails that depend on different versions of the same libraries or programs, without causing problems between them. Each jail will have its own userland. In this post, we are going to explore how to run a service inside a jail. We are going to use Nginx as an example, but you can take what you learned in the post and apply it to your specific case.

WWDC20 Interesting videos list Jun 26 2020

Here is the list of the videos I’m looking forward to from the 2020 WWDC. I might add notes/comments later when I have seen them all.

Swift and Objective-C


Notes on FreeBSD UFS partition schema Jun 1 2020

Sometimes deciding on a partition schema can be confusing; here are my notes on partitioning a GPT disk. I hope you find them useful.

I would advise creating a virtual machine using FreeBSD and taking it for a spin. It would be nice if we had lots of physical devices we could work with to gain more experience, but a virtual machine will do.

Before we begin, make sure you have a copy of FreeBSD. You can download it from here. My architecture is amd64 so that’s what I’ll use.

Using the script command to record a terminal session May 25 2020

When working on the command-line, I sometimes would like to record what I was doing to extract the exact message a script returned without having to rerun all the commands. Similarly, when I’m trying to report an error to a coworker and want to show precisely what I did. All of this can be achieved by using script(1). The script command allows us to record the terminal session, including output and input to a file for later analysis. It is handy, so in this note, I’ll show you how I usually use it.

Migrating an old JavaScript codebase to modern JavaScript May 18 2020

We get excited about starting a new project. It allows us to use new technologies, and we don’t have to worry about being compatible with any old code. In reality, most of the work we do is maintenance. And I do believe that working with legacy code requires more skills and creativity than starting a new project from scratch with zero limitations.

Whatever the case might be, refactoring JavaScript code to modern JavaScript is challenging. In this post, we are going to visit many aspects of the process of bringing our old JavaScript code to modern JavaScript.

Compiling a custom FreeBSD kernel for Parallels VirtualMachine May 13 2020

I use Parallels on macOS to spin up virtual machines for learning purposes. Lately, I’ve been interested in FreeBSD, so I wanted to create a slimmed-down version of the FreeBSD kernel for my VM. And that is the topic of this post: how to create a custom FreeBSD kernel for a Parallels virtual machine. It is not limited to Parallels, though. You can easily use the content of this note to build any custom kernel.

Changing blog path in Middleman May 6 2020

I use Middleman as my Static Site Generator, I have two “blogs” in my site:

When I created the TIL blog I wanted it to be my repository of small notes for things I learned that day (hence the name Today I Learned).

Naming is important, and the TIL has prevented me from posting short pieces on my site because it’s not something I “learned today”. So I decided Notes would be a better name.

Extracting entitlements from process memory using LLDB Mar 30 2020

One of the first steps we take when analysing a macOS (or *OS) app is to go through the entitlements to extract useful information. Usually, we search for the entitlements embedded in the application binary using codesign(1) in our Static Analysis phase. But we could also obtain the entitlements in our Dynamic Analysis phase. As you might have noticed, I like using LLDB as my dynamic analysis tool. In this post, I’m going to share how to extract the entitlements from a binary during our dynamic analysis using LLDB.

Scanning a process' memory using LLDB Mar 23 2020

When performing dynamic analysis, a useful source of information is examining the process’ memory for specific patterns. For example, imagine we would like to obtain information about the current process’ code signature. To get this information, we could search for the specific magic (CSMAGIC_EMBEDDED_SIGNATURE, 0xfade0cc0; you can verify it in codesign.h), and obtain where that structure is kept in memory. In this post, I’ll show you how to use the Python API provided by the lldb debugger to scan a process’ memory for patterns.

Resigning iOS apps from an IPA for mobile security research Feb 7 2020

When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the AppStore. But most of the time, the client would give us an IPA. In a black-box analysis, we won’t get access to the source code, so deploying it through Xcode to a Device for testing might be out of the question. One possible solution is to resign the app with a profile that we own and deploy it to our test device. In this post, I’ll explain how to re-sign an iOS app so we can generate an IPA that we can deploy to our test device.
