Xe1phix
##\_____________________Overview____________________/##
## [+] Enabling AppArmor at boot time In the GRUB
## [+] Check if SecurityFS is mounted:
## [+] Mount the AppArmor securityfs filesystem:
## [+] apparmor_parser - loads AppArmor profiles into the kernel
## [+] aa-complain - set an AppArmor profile to complain mode
## [+] aa-enforce - set an AppArmor profile to enforce mode
## [+] Enforce the Firejail AppArmor profile:
## [+] Enforce all of the AppArmor profiles in /etc/apparmor.d/
## [+] aa-status - report the current state of AppArmor confinement
## [+] Enable debug mode:
## [+] Enable Audit mode
## ----------------------------------------------------------------------------------------------------- ##
## ---------------------------- ##
## [?] References:
## ---------------------------- ##
https://wiki.archlinux.org/title/AppArmor
https://www.parrotsec.org/docs/apparmor.html
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://www.youtube.com/watch?v=6gegHJYXOcc
## ------------------------------------ ##
## [?] Archive.org URL:
## ------------------------------------ ##
https://archive.org/details/xe-1phix-apparmor
## ------------------------------------ ##
## [?] Bitchute URL:
## ------------------------------------ ##
https://www.bitchute.com/video/tzlVYARXqALE/
## -------------------------------------- ##
## [?] Libre.video URL:
## -------------------------------------- ##
https://libre.video/videos/watch/587a6404-a945-4f14-9792-8484358eb784
## Downloading Debian ISOs - Using Jigdo + Verifying Integrity
## Part 1 - Trusting Debian GnuPG Signing Keys
## About Jigdo
https://www.debian.org/CD/faq/#why-jigdo
## Debian Jigdo Archive:
https://cdimage.debian.org/debian-cd/current/amd64/jigdo-dvd/
## Here is A Script With All The Commands Needed:
https://gitlab.com/xe1phix/ParrotSecWiki/blob/InfoSecTalk/Xe1phix-JigDo.sh
## Verifying Authenticity of Debian CDs
https://www.debian.org/CD/verify
## Debian Archive Signing Keys
https://ftp-master.debian.org/keys.html
## Simple HowTo On Using Jigdo:
http://www.tldp.org/HOWTO/Debian-Jigdo/
## Archive.org URL:
https://archive.org/details/DownloadingDebianISOsUsingJigdoVerifyingIntegrityAtEveryStep
## YouTube URL:
https://www.youtube.com/watch?v=OuX4G8qtfI8&t=78s
Open video files (mp4, avi, etc.)
using the MPV media player inside of a Firejail sandbox.
Executing the process in a secure, Seccomp & eBPF filtered container.
The process is spawned inside of an isolated | mount | user | PID | IPC | namespace.
The network is quarantined using network namespace isolation.
## Syntax run to launch MPV in a Firejail sandbox:
firejail --profile=/etc/firejail/mpv.profile --seccomp --caps.drop=all --net=none --shell=none --nonewprivs --noroot --nogroups --ipc-namespace --private-tmp --private-cache --private-dev --private-bin=mpv,youtube-dl,python*,env /usr/bin/mpv --player-operation-mode=pseudo-gui
## [+] Xe1phix Firejail All-In-One Template Cheatsheet
https://gitlab.com/xe1phix/ParrotLinux-Public-Kiosk-Project/-/blob/master/Xe1phix-%5BFirejail%5D/Xe1phix-Firejail-%5BCustom-Template%5D/Xe1phix-%5BFirejail%5D-Comprehensive-%5BAll-In-One%5D-Hybrid-%7B%5BTemplate%5D%7D-%5Bv29.8.84%5D-(01-05-22).profile
## Xe1phix Custom Firejail Application Menu Configurations:
https://gitlab.com/xe1phix/ParrotLinux-Public-Kiosk-Project/-/tree/master/Xe1phix-%5BFirejail%5D/Xe1phix-Firejail-%5BProfile-Menu%5D
## YouTube URL:
https://www.youtube.com/watch?v=Z7V7d-aVTJ0
## Archive.org URL:
https://archive.org/details/open-avi-video-files-in-a-firejail-sandbox-by-default-using-parrotsec-linux
## Bitchute URL:
https://www.bitchute.com/video/hIYNROR8DX6L/
Open PDF files in Atril, using Firejail to sandbox the process in a secure, isolated environment.
Executing the process in a secure, Seccomp & eBPF filtered container.
The process is spawned inside of an isolated | mount | user | PID | IPC | namespace.
The network is quarantined using network namespace isolation.
## [?] Syntax run to launch Atril in a Firejail sandbox:
firejail --profile=/etc/firejail/atril.profile --net=none /usr/bin/atril %U
## [+] Xe1phix Firejail All-In-One Template Cheatsheet
https://gitlab.com/xe1phix/ParrotLinux-Public-Kiosk-Project/-/blob/master/Xe1phix-%5BFirejail%5D/Xe1phix-Firejail-%5BCustom-Template%5D/Xe1phix-%5BFirejail%5D-Comprehensive-%5BAll-In-One%5D-Hybrid-%7B%5BTemplate%5D%7D-%5Bv29.8.84%5D-(01-05-22).profile
## [+] Xe1phix Custom Firejail Application Menu Configurations:
https://gitlab.com/xe1phix/ParrotLinux-Public-Kiosk-Project/-/tree/master/Xe1phix-%5BFirejail%5D/Xe1phix-Firejail-%5BProfile-Menu%5D
## Archive.org URL:
https://archive.org/details/open-pdfs-in-a-firejail-sandbox-by-default
## Bitchute URL:
https://www.bitchute.com/video/hTUEfcnQSMp1/
## YouTube URL:
https://www.youtube.com/watch?v=ZpuMFKWIap4
##-===================================-##
[+] Intro To Linux Filesystems
##-===================================-##
## ------------------------------------------------------------------------- ##
[?] This presentation will be a live demo. (laptop recommended)
It will cover the use cases of ZFS, Btrfs, and XFS filesystems.
## ------------------------------------------------------------------------- ##
## ----------------------------------- ##
[?] In this talk I will cover:
## ----------------------------------- ##
> The ZFS Filesystem
> The Btrfs Filesystem
> The XFS Filesystem
## ----------------------------------- ##
##-=========================-##
[+] ZFS Filesystem
##-=========================-##
## ------------------------------------------------------------------------------------ ##
[?] The ZFS filesystem is an advanced fault-tolerant filesystem (self-healing).
[?] Previously maintained by FreeBSD,
but recently the primary contributing project has become OpenZFS (Linux).
## ------------------------------------------------------------------------------------ ##
> ZFS ZPool - VDEVs (Virtual Block Devices)
> ZFS Copies - ZFS uses Ditto Blocks (Replicated Metadata).
It controls the number of copies of data stored for this dataset.
> ZFS Checksums - SHA256 Checksum Integrity Verification.
> ZFS Snapshots - Create, List, rolling back, delete, etc.
> ZFS Send+Receive - Replicate a filesystem or volumes between ZFS pools, or to remote locations.
> ZFS Snapshot Rollback - Reverts to a previous snapshot state.
> ZFS Clones - Clone an individual dataset.
> ZFS RAIDs - RAID-Z (4 Disks), Double-Parity RAID-Z | RAIDZ2 (5 Disks), Nested RAIDZ (8 Disks).
> ZFS ACLs - Create Access Control Entries (ACEs) for individual datasets.
> ZFS XATTR - Enable extended attribute properties for a file system.
> ZFS NoExec - Block process execution on the given dataset.
> ZFS Temporary Mount Points - Mount a directory as a temporary, throw away mount point.
> ZFS Compression - Compress individual datasets (lzjb | gzip | gzip-N | zle).
> ZFS Read-Only - Mount ZFS datasets read-only.
> ZFS Deduplication - The process for removing redundant data at the block-level.
##-=========================-##
[+] Btrfs Filesystem
##-=========================-##
## ----------------------------------------------------------------------- ##
[?] Btrfs is a modern copy on write (CoW) filesystem for Linux
aimed at implementing advanced features, while also focusing
on fault tolerance, repair and easy administration.
## ----------------------------------------------------------------------- ##
> Btrfs Creation - Mkfs.btrfs partition creation.
> Btrfs Compression (zlib, LZO)
> Btrfs Checksums - Checksumming on da
## [+] SecDSM - Intro To Linux Filesystems - [ 07/10/19 ]
## [+] ZFS Cheatsheet:
https://gitlab.com/xe1phix/Xe1phix-ZFS-Notes/blob/master/Xe1phix-ZFS-v14.7.sh
## [+] Btrfs Cheatsheet:
https://gitlab.com/xe1phix/btrfs-notes/blob/master/Btrfs-Skillz-v7.7.sh
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://youtu.be/OCncpUxFF8c
## ------------------------------------ ##
## [?] Archive.org URL:
## ------------------------------------ ##
https://archive.org/details/dfir-ewf-filesystem-forensic-integrity-checks-using-ewfinfoewfstatewfverifyopenssl
## ------------------------------------ ##
## [?] Bitchute URL:
## ------------------------------------ ##
https://www.bitchute.com/video/tOy5EtQ7qxhu/
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://www.youtube.com/watch?v=NCBxSfk420I
## ------------------------------------ ##
## [?] Archive.org URL:
## ------------------------------------ ##
https://archive.org/details/ewf-filesystem-forensics-using-ewfaquire-for-forensic-filesystem-aquistion
## ------------------------------------ ##
## [?] Bitchute URL:
## ------------------------------------ ##
https://www.bitchute.com/video/1eVcUmKAhbfG/
[?] In this video I will encrypt a Btrfs filesystem
during a forensic filesystem acquisition.
[?] The tools used are: Dcfldd + OpenSSL.
[?] Then I will decrypt the OpenSSL encrypted file.
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://youtu.be/WmPQaihIqK0
Perform a forensic image acquisition on an external hard drive.
Use dc3dd as the forensic acquisition tool (file type: .raw.gz).
Commands used:
dc3dd if=/dev/sde verb=on | gzip > sde.raw.gz
zcat $Image.raw.gz | sha256sum
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://youtu.be/64u3xaheH7Q
## ------------------------------------ ##
## [?] Bitchute URL:
## ------------------------------------ ##
https://www.bitchute.com/video/ozbcImrBfDvW/
## -------------------------------------------------- ##
[+] Incremental Backup - Makes A Copy of Only Data
That Has Been Modified Since The Last Backup Operation.
## -------------------------------------------------- ##
[?] A Pointer Reference Table is Copied
And Updated Each Time A Snapshot Backup is Made
## -------------------------------------------------- ##
[?] The Tar .snar File Extension -
Contains Metadata Used To Create Full Incremental Backups
## -------------------------------------------------- ##
[?] The Snapshot File Uses File Timestamps
So Tar Can Determine if A File Has Been Modified
Since It Was Last Backed up.
## -------------------------------------------------- ##
[?] The Metadata Within $File.snar Lets The Tar Command Know
When A File is New or Modified Since The Last Snapshot Backup.
## -------------------------------------------------- ##
[?] If The File is New or Modified, It is Appended To The
Archived Snapshot Backup File ($File.tar.xz)
## -------------------------------------------------- ##
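The incremental behaviour described above, as an added example that is not from the original page or its cheatsheet. It assumes GNU tar, uses constructed file names in a temp directory, and uses gzip rather than the .tar.xz of the text so it depends only on tar and gzip:

```shell
#!/bin/sh
# Added example (not from the original page): GNU tar incremental backups.
# All files are constructed sample data inside a throwaway temp directory.

incremental_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/data" "$work/restore"
    echo "alpha" > "$work/data/a.txt"
    echo "bravo" > "$work/data/b.txt"

    # Level 0: backup.snar does not exist yet, so tar archives everything
    # and records the directory state and dump time in the new .snar file.
    tar -C "$work" --listed-incremental="$work/backup.snar" \
        -czf "$work/level0.tar.gz" data || return 1

    sleep 1                                  # make the new timestamps clearly later
    echo "bravo v2" > "$work/data/b.txt"     # modified since level 0
    echo "charlie"  > "$work/data/c.txt"     # new since level 0

    # Level 1: tar consults backup.snar and stores only new or modified files,
    # then updates the .snar for the next run.
    tar -C "$work" --listed-incremental="$work/backup.snar" \
        -czf "$work/level1.tar.gz" data || return 1

    # Regular files stored in the level-1 archive (directory entries filtered out).
    LEVEL1_FILES=$(tar -tzf "$work/level1.tar.gz" | grep -v '/$' | sort | xargs)

    # Restore by extracting the levels in order; /dev/null as the snapshot file
    # tells tar the archives are incremental without needing the original .snar.
    for level in level0 level1; do
        tar -C "$work/restore" --listed-incremental=/dev/null \
            -xzf "$work/$level.tar.gz" || return 1
    done
    RESTORED=$(cat "$work/restore/data/a.txt" "$work/restore/data/b.txt" \
                   "$work/restore/data/c.txt" | xargs)
    rm -rf "$work"
}

incremental_demo
echo "level 1 contains: $LEVEL1_FILES"
echo "restored content: $RESTORED"
```

The unchanged a.txt is absent from the level-1 archive but still present after the restore, because it comes from level 0.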
## -------------------------------------------------- ##
Tar - Hybrid snapshots cheatsheet:
## -------------------------------------------------- ##
https://gitlab.com/xe1phix/ParrotLinux-Public-Kiosk-Project/-/blob/master/Xe1phix-%5BCheatsheets%5D/Xe1phix-%5BCheatsheets%5D/Xe1phix-%5BFileSystem%5D-Cheatsheets/Xe1phix-%5BIncremental-Snapshot%5D-Backups-%5Bv7.5.2%5D.txt
## ------------------------------------ ##
## [?] YouTube URL:
## ------------------------------------ ##
https://youtu.be/hNdqBcZHWC4
In this video,
I will be using qemu-img to convert an ISO file into a QCow2 file.
##-================-##
## [+] YouTube URL:
##-================-##
https://www.youtube.com/watch?v=GFJZlrSGgDA
##-===============-##
## [+] Archive.org URL:
##-===============-##
https://archive.org/details/xe1phix-qemu-img-convert-iso-qcow-2
Examine certificates using OpenSSL and Certtool.
##-================-##
## [+] YouTube URL:
##-================-##
https://www.youtube.com/watch?v=IzevQVSGkT8
##-===============-##
## [+] Archive.org URL:
##-===============-##
https://archive.org/details/using-openssl-certtool-to-examine-certificates
Setting up Wireguard SOCKS5 VPN
using Mullvad for Firefox + Telegram + qBittorrent.
##-===============-##
## [+] Archive.org URL:
##-===============-##
https://archive.org/details/wireguard-socks5-vpn-virtual-tunnel-interface-setup-for-firefoxtelegramqbittorrent
##-===============-##
## [+] YouTube URL:
##-===============-##
https://www.youtube.com/watch?v=LaeXRgIje8M
Using GnuPG to verify firejail source package GPG key.
##-==============-##
## [+] YouTube URL:
##-==============-##
https://www.youtube.com/watch?v=LmDsJzn7mjU
##-===============-##
## [+] Archive.org URL:
##-===============-##
https://archive.org/details/verifying-firejail-source-packages-using-gnupg
## Run Telegram with a SOCKS5 proxy using Mullvad OpenVPN Proxy.
##
## Steps:
##
<> Settings
<> Advanced
<> Connection Type
<> Use Custom Proxy
<> Add Proxy
<> Proxy Server change Type to SOCKS5
<> Change Host: to 10.8.0.1
<> Change Port to 1080
<> Save
## Resources:
https://mullvad.net/en/guides/socks5-proxy/
## Archive.org URL:
https://archive.org/details/UsingMullvadOpenVPNSOCKS5ProxyWithTelegram
Linux System Engineer, Studying Memory Forensics, & Intrusion Detection.
GnuPG Key: https://gitlab.com/xe1phix/Gnupg/blob/master/Xe1phix.asc