Building a Distro, that builds Distros | FULL AUTO
-
2021-04-20 at 11:48 PM UTC
Full auto in the sense that you will only need to fill in some values, save it to your config file, and have the rest pretty much automated. Pretty neat huh? Guess what i am building? A Distro that does just that. Now you might be wondering to yourself: Soph, why would you want to make a Distro which builds other Distros? Well i am glad you asked.
I've been getting into Distro Dev and general OS/Kernel/System stuff both as it pertains to regular and embedded systems, Raspberry Pi, Arduino, and even some of the more exotic architectures. I put OS in there because i got access to tooling that allows me to configure custom Windows builds, as well as Linux Distros and OSX.
Since i got my data center/VM-Lab up and running i've been a little annoyed with setting anything up that isn't meant to be a server, or a standard ass Win10 install, or just a simple Ubuntu or Debian box. Bootstrapping utilities are a thing, but i want to be able to have config files that set everything i need for whatever scenario i can think of, Including Special Windows Builds. I also want to have almost all of this automated for convenience and to give myself room to scale up, which is absolutely possible.
Win Builds
Some details on the tooling involved and general info.
I have a special set of Windows Kits and associated tools that i run on Win2k16, they include the SDK, ADK, EWDK, and the Windows Hardware Lab.
They do a lot of things but one thing the ADK and EWDK are used for is Enterprise Level Windows deployment. Say a company might have 100 people in the sales department that need their workstations configured in a way that is most conducive to the execution of their duties, and has pre-configured security policies. Because everyone knows, the people over at sales are the god damn people always opening MalDocs and getting ransomware all over the servers. In that scenario an Enterprise would use the same kind of setup i have access to in order to churn out those 100 workstation deploys with the better security policies.
All you need to do is set up a master server, provisioning server and build targets.
Basically with this tooling i could make Win10 Builds designed for Development, Debugging, and Kernel Debugging/Research. Or I could turn off Telemetry, Event Logging, Security Logging and Windows defender components.
Alternatively i could make a custom build that actually respects your privacy.
If you are familiar with Commando or FLARE by FireEye, those builds were made with the tooling that i have access to as well. Difference is i have a secret weapon that FireEye can't use for legal reasons that allows me to make installation media for custom build distribution, suited for VM, bare-metal, anything really. Without the need for the end user to activate the
If you are unfamiliar with FLARE and Commando and/or would like to get an idea of what i am talking about or perhaps use those VMs (they're great btw, definitely recommend), check them out below.
FLARE: Windows Based RevEng VM
COMMANDO VM: Windows Based Complete OffSec Suite VM
Pretty neat right?
*Nix
Debootstrap, QEMU-Debootstrap, Debootstick, QEMU-KVM, Docker and LXC allow me to easily set up a rootfs, kernel and Package manager. QEMU components support exotic architectures too.
QEMU-KVM or LXC in combination with the snap application manager from the fine folks over at Canonical are useful for getting minimal Ubuntu LTS set up, customized and virtualized. These can be debootstrapped, and used to create vmdk files or images on installation media. Very handy for creating highly specialized and smol custom Distros based on Ubuntu. You can do the same with Docker and Docker Images. The beauty of which is that there are many Docker images available, even if you don't have a Docker Hub making a Dockerfile to your exact specifications is trivial.
For ARM architecture a tool-chain by the name of BuildRoot is available too. The cool thing about which is that you can build a Distro from the literal ground up.
I will be looking into Kubernetes and Packer.io as well, but i am less familiar with those solutions at present.
The distro i am building for this purpose is Debian based, is getting all the toolchains and virtualization frameworks and will ship with a custom windows build, either as an IMG, ISO, or VMDK. The Build will have all telemetry and logging disabled at the kernel level, and come pre-installed with everything you need(including a custom tool that will make our lives a lot easier while doing so.) in order to start churning out pre-activated custom builds
Besides the one you can see above i will be writing more tools mostly for automation purposes. It's going to be the one stop shop for all our OS and distro needs.
Comments?
Criticism?
Corrections?
-
2021-04-27 at 9:33 AM UTC
I have a prototype set up in VM, it's based off a mini.iso for Ubuntu 20 LTS, it has Packer.io, Docker, Multipass, SBuild, Vagrant, VMWare-ISO tools, QEMU-KVM, QEMU-IMG, QEMU-Debootstrap for x64, x86, ARM, and more exotic architectures. Normal Debootstrap, Debootstick, a static binary for bootstrapping apt packages, and LXC, LXD, Snap, and cloud-init, to initialize installs for VMs for local cloud and remote cloud usage. Packer also has the ability to initialize AWS instances.
All i need to do now is check out Kubernetes and see how that might fit within the design parameters of the OS-Building Distro. I might also add Build-Root which is a toolchain specifically designed for ARM and a couple other embedded device architectures, which will allow the user to basically build a mini OS for an Arduino or Raspberry Pi.
First i will test all the tooling, write some automation implementations for it, and build a Docker Image if everything turns out to be working as intended, the Docker IMG will be made available at Docker Hub. Then i either SBuild/Debootstrap or Debootstick the Docker Image, and turn it into a rootfs, mounted to be written to a USB stick for Live Boot, or Installation.
Pretty pleased with my progress so far. If you have anything to add, comments and/or criticism, please feel free to post your thoughts.
-
2021-06-14 at 5:05 PM UTC
Currently building a customized system for an associate of mine, i also got one in the pipeline for my personal use that's completely geared towards low level research, development and security, and it's going to be lit.
After i am done building the former. I'll take a request if any of you niggas want a highly specialized bespoke OS. I'll do one or two depending on how elaborate the requests are. I promise not to embed a bootkit. In fact i'll provide the source files and a version you can use in VM, if you wanna check for shenanigans. -
2021-06-15 at 2:22 PM UTC
-
2021-06-15 at 6:59 PM UTC
Brool story co.
But what does it have to do with this thread?
-
2021-06-25 at 3:42 PM UTCdamn nigga i wish wasnt retarded
-
2021-07-04 at 4 PM UTC
-
2021-07-04 at 6 PM UTC
Do something cool like erasing the world's debt.
-
2021-07-07 at 1:03 AM UTC
-
2021-07-07 at 9:37 PM UTC
So you could theoretically kill the federal reserve, but not the local bank?
Ok.
-
2021-07-07 at 10:54 PM UTC
-
2021-07-07 at 11:14 PM UTC
Originally posted by Obbe So you could theoretically kill the federal reserve, but not the local bank?
Ok.
The point is, which i thought i had made clear by mentioning E-Corp, is that there is no one central place to hit to erase the world's debt. Theoretically if you had enough skilled people and enough organizational power you might kill all the banks including the central banks. But theoretically if i had a bunch of nukes i could wipe out the banks and the cities they're in too. It's not realistic.
-
2021-07-08 at 4:06 PM UTC
Originally posted by Sophie The point is, which i thought i had made clear by mentioning E-Corp, is that there is no one central place to hit to erase the world's debt. Theoretically if you had enough skilled people and enough organizational power you might kill all the banks including the central banks. But theoretically if i had a bunch of nukes i could wipe out the banks and the cities they're in too. It's not realistic.
or you just need one AI to replicate itself and target data servers all over the world at the same time.
i wonder if they still use tape backups.
-
2021-07-09 at 9:29 PM UTC
-
2021-07-09 at 10:30 PM UTC
Can you make me an OS that I can control with my butt?
-
2021-07-12 at 10:29 AM UTC
-
2021-07-12 at 10:33 AM UTC
Originally posted by vindicktive vinny or you just need one AI to replicate itself and target data servers all over the world at the same time.
i wonder if they still use tape backups.
I have actually worked on an Offensive Security Framework that employs Machine Learning to go about target acquisition, recon, and exploitation. No clones needed, just a lot of processing power and high bandwidth. As of now it wouldn't scale to highly secure facilities. But it's still pretty good and can work at scale with end user boxes, IoT and such granted you have reasonably adequate hardware. -
2021-07-12 at 4:19 PM UTC
Originally posted by Sophie I have actually worked on an Offensive Security Framework that employs Machine Learning to go about target acquisition, recon, and exploitation. No clones needed, just a lot of processing power and high bandwidth. As of now it wouldn't scale to highly secure facilities. But it's still pretty good and can work at scale with end user boxes, IoT and such granted you have reasonably adequate hardware.
and then they develop AIs to deal with this and identify signs of exploit recons and then there will be AI arms race.
AIs will be used to make better AIs that render them obsolete and the cycle repeats exponentially.
singularity is nigh.
-
2021-07-12 at 4:46 PM UTC
Originally posted by vindicktive vinny and then they develop AIs to deal with this and identify signs of exploit recons and then there will be AI arms race.
AIs will be used to make better AIs that render them obsolete and the cycle repeats exponentially.
singularity is nigh.
Yeah it might be, i am just happy that i get to enjoy it from a more 'insider' perspective if you know what i mean?
-
2021-07-12 at 4:50 PM UTC