this post was submitted on 20 Jan 2025
20 points (95.5% liked)

Cybersecurity

5995 readers
108 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 day ago (2 children)

If I'm too noob to understand how to actually

"employ robust application control to block malicious libraries and payloads used in Dynamic Linker. Implement behavior-based endpoint detection to identify and prevent process injection activities." And "also implement strict access controls, limiting administrative access,"

Because I don't really know what this means, what should I do?

Is there a step by step guide somewhere?

[–] moonpiedumplings 4 points 15 hours ago* (last edited 15 hours ago) (1 children)

Firstly, this blog is mostly SEO spam and is probably one of the worst-written articles I've ever seen. The article itself is more keywords than content. Even the headline is garbage; persisting after reboots is a normal feature of almost all malware types, including rootkits. In fact, I'd say a lot of cybersecurity blogs are like this, hyping up mundane malware that presents no special threat for the clicks.

But I'll break this down anyways.

The first bit, about the dynamic linker, means doing things like restricting the files an app has access to, in order to prevent manipulation of how code libraries and modules are loaded and thus the injection of a malicious library. This can be done within the system, and often is by default, like how sudo refuses to load libraries it doesn't like.

The second bit is literally just recommending you require a password to do admin things. Of course, there's a lot more nuance to it. Access controls, controlling which user on a system has access to what, can become a lot more fine-grained, but for the kinds of malware that these articles report on, an admin password will stop them.
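Added example, not from either commenter: a small POSIX shell audit for the two Linux dynamic-linker persistence points the quoted recommendation is about, the /etc/ld.so.preload file and LD_* overrides in the environment of running processes. The trusted-directory list is an assumption for a stock distro layout, and the sample entries in the test are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): defender-side audit of /etc/ld.so.preload
# and of LD_* variables in the environment of running processes.

# Assumption: stock distro library layout; add /opt/<vendor>/lib if you trust it.
TRUSTED_LIB_DIRS="/lib /lib64 /usr/lib /usr/lib64"

# is_trusted_lib PATH -> 0 if PATH is under one of TRUSTED_LIB_DIRS, else 1.
is_trusted_lib() {
    for d in $TRUSTED_LIB_DIRS; do
        case "$1" in
            "$d"/*) return 0 ;;
        esac
    done
    return 1
}

# audit_preload_file FILE -> prints "ok"/"SUSPICIOUS" per entry; returns 0 if all
# entries are trusted, 1 if any was flagged, 2 if FILE is unreadable. ('#' = comment)
audit_preload_file() {
    [ -r "$1" ] || return 2
    flagged=0
    for lib in $(sed 's/#.*//' "$1"); do
        if is_trusted_lib "$lib"; then
            echo "ok         $lib"
        else
            echo "SUSPICIOUS $lib"
            flagged=1
        fi
    done
    return $flagged
}

# audit_process_env -> prints "pid N: VAR=value" for every process whose environment
# carries an LD_* override; returns 1 if any found, else 0. Unreadable /proc entries
# (other users' processes, or processes that exited meanwhile) are skipped silently.
audit_process_env() {
    found=0
    for envfile in /proc/[0-9]*/environ; do
        pid=${envfile#/proc/}; pid=${pid%/environ}
        hits=$(tr '\0' '\n' 2>/dev/null < "$envfile" |
               grep -E '^LD_(PRELOAD|LIBRARY_PATH|AUDIT)=') || continue
        echo "pid $pid: $hits"
        found=1
    done
    return $found
}
# Stand-alone run: audit the real preload file (if present) and live processes.
[ -e /etc/ld.so.preload ] && audit_preload_file /etc/ld.so.preload
audit_process_env || echo "LD_* overrides found in running processes"
```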

[–] [email protected] 1 points 8 hours ago

Thanks for the breakdown. I ofc use a root pwd different from my user PW (with sudo privileges) and often use AppImages, as they don't require privileges at all, to my understanding. I do run a few binaries though, as for example for TeamSpeak or corectl they are the only ones that work for me.

How would I go about restricting the files a program can access? Make a whole new user just for that program, put "run as this user" in the .desktop file and manually set read/write permissions for every single file on the system?

This seems impractical. Is there a best practice guide? Do I need to get into AppArmor and stuff?