█ SecBSD

Open source volunteer project to develop security focused UNIX-like operating system based upon OpenBSD for security researchers, pentesters, bug hunters, cybersecurity folks, hacktivists and paranoid dudes. Inside, the development process follows the same philosophy as OpenBSD, we believes in strong security, privacy and cryptography by default.

█ Advantage

• A new kernel is generated with randomized addresses at every boot, install and upgrade.
• No telemetry. No tracking.
• No mic recording sound by default. No webcam access by default.
• Memory can be written to or executed, but no both, that prevents malicious code from producing buffer overflows.
• Anti-ROP, the order of symbols in libc.so are randomized at boot time to prevent "return oriented programming".
• Memory allocation randomization. This make attacks harder because each runs has a different memory layout.
• Position independent executable. An executable and its dependencies are loaded into random memory locations within virtual memory. This make it hard for an attacker to predict a binary behaviour.
• Disabled simultaneous multi-threading by default. Holds separate page tables for the kernel and userland to mitigate hardware vulnerabilities as meltdown and spectre.
• The file utility is sandboxed and runs as the "_file" user by default.
• Unveil and Pledge.
• Privilege separation.