Defense Evasion

MAC Address and OUI Status

Check current MAC addresses

ip link show

Check if MAC randomization is active

nmcli device wifi list
nmcli connection show --active

Check NetworkManager MAC randomization settings

cat /etc/NetworkManager/NetworkManager.conf | grep -A5 "\[device\]"

Properly Configure MAC Address Randomization

Enable full MAC randomization in NetworkManager

sudo tee -a /etc/NetworkManager/NetworkManager.conf << EOF
[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
connection.stable-id=\${CONNECTION}/\${BOOT}
EOF

Restart NetworkManager

sudo systemctl restart NetworkManager

For more aggressive randomization, change OUI as well

Install macchanger

sudo pacman -S macchanger

Create script to randomize MAC with random OUI

sudo tee /usr/local/bin/randomize-mac.sh << 'EOF'
#!/bin/bash
for interface in $(ip link show | grep -E '^[0-9]+:' | grep -v lo | cut -d: -f2 | tr -d ' '); do
    if [[ $interface =~ ^(wlan|eth|enp) ]]; then
        ip link set $interface down
        macchanger -r $interface
        ip link set $interface up
    fi
done
EOF

sudo chmod +x /usr/local/bin/randomize-mac.sh

SELinux

Display mode

getenforce

Disable SELinux

sudo setenforce 0

PreviousAWS NextConfirming and Verifying RCE

Last updated 21 days ago