Linux Internals

Breaking Out

Binaries that can be abused to break out of restricted shells

Tutorials

Tmux Tutorial
lsof tutorial

How it Works

Essentials of Linux system administration
Linux programs
dtrace scripts
How /proc works

Programs

How Git works
How Htop works
Book-in-progress about the Linux kernel and its insides.

Networks

Cloning a laptop over NVME TCP

Diagnose Down Servers with mtr:

    root@localhost:~# mtr --report www.google.com
    HOST: localhost                   Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. 63.247.74.43                  0.0%    10    0.3   0.6   0.3   1.2   0.3
      2. 63.247.64.157                 0.0%    10    0.4   1.0   0.4   6.1   1.8
      3. 209.51.130.213                0.0%    10    0.8   2.7   0.8  19.0   5.7
      4. aix.pr1.atl.google.com        0.0%    10    6.7   6.8   6.7   6.9   0.1
      5. 72.14.233.56                  0.0%    10    7.2   8.3   7.1  16.4   2.9
      6. 209.85.254.247                0.0%    10   39.1  39.4  39.1  39.7   0.2
      7. 64.233.174.46                 0.0%    10   39.6  40.4  39.4  46.9   2.3
      8. gw-in-f147.1e100.net         100.0    10    0.0   0.0   0.0   0.0   0.0

Other Info about hops

Injecting network packets - TUN/TAP

Looking for Remote Code Execution bugs in the Linux kernel

Syscalls

Trace Network Calls:

    >>> strace -e trace=network,read,write ./test_app
    [...]
    socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
    connect(3, {sa_family=AF_INET, sin_port=htons(5555), sin_addr=inet_addr("192.168.10.1")}, 16) = 0
    write(3, "Hello World!\n", 13) = 13
    read(3, "Boo!\n", 2048) = 5

Using dtrace:

    >>> cat traceconnect.d
    /* traceconnect.d - A simple DTrace script to monitor a connect system call */
    struct sockaddr_in {
        short sin_family;
        unsigned short sin_port;
        in_addr_t sin_addr;
        char sin_zero[8];
    };

    syscall::connect:entry
    /arg2 == sizeof(struct sockaddr_in)/
    {
        addr = (struct sockaddr_in*)copyin(arg1, arg2);
        printf("process:'%s' %s:%d", execname, inet_ntop(2, &addr->sin_addr), ntohs(addr->sin_port));
    }

    >>> dtrace -s traceconnect.d
    process:'Google Chrome' 173.194.78.125:5222
    process:'Google Chrome' 173.194.66.95:443
    process:'Google Chrome' 217.32.28.199:80
    process:'ntpd' 17.72.148.53:123
    process:'Mail' 173.194.67.109:993

SUID

Environment variable to be removed for SUID programs

Memory

Writing to unwritable memory

Source

Using /proc/self/mem, you can write to memory even if it is write-protected.
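
The behaviour described above, as an added example that is not from the original page: a process maps a page, makes it read-only with mprotect, then overwrites it through /proc/self/mem, which shows that page permissions do not constrain code already running in the process. The function names and sample strings are hypothetical; a sandboxed or restricted environment may refuse the write, which the code reports rather than assumes.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: copy len bytes to dst via /proc/self/mem. 0 = ok, -1 = refused. */
static int proc_mem_write(void *dst, const void *src, size_t len)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    /* The file offset is the virtual address to write to. */
    ssize_t n = pwrite(fd, src, len, (off_t)(uintptr_t)dst);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* Returns 1 if the read-only page was modified, 0 if refused, -1 on setup failure. */
int readonly_page_demo(void)
{
    static const char before[] = "read-only", after[] = "OVERWRITE"; /* constructed */
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, before, sizeof before);
    /* After this call an ordinary store such as page[0] = 'X' raises SIGSEGV. */
    if (mprotect(page, pagesz, PROT_READ) != 0) {
        munmap(page, pagesz);
        return -1;
    }
    int changed = proc_mem_write(page, after, sizeof after) == 0 &&
                  memcmp(page, after, sizeof after) == 0;
    munmap(page, pagesz);
    return changed;
}

int main(void)
{
    int r = readonly_page_demo();
    printf("read-only page modified via /proc/self/mem: %s\n",
           r == 1 ? "yes" : r == 0 ? "no (write refused)" : "setup failed");
    return r < 0;
}
```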

Audio

The Linux audio stack demystified