2018

0

security

Wednesday 19 December 2018 (2018-12-19)

Check SSH fingerprint

🔗Display the default fingerprint 🔗Of a key You can either use the public key or private key to obtain the fingerprint (default is SHA256 in base64). 1234$ ssh-keygen -lf ./id_ed25519256 SHA256:jISol

0

securitylinux

Sunday 8 July 2018 (2018-07-08)

Block automated scanners from scanning a website

🔗Disclaimer This post describes how to block automated scanners from scanning a website. 🔗Requirements You will need: fail2ban nginx (another web server can work too but this will need some modific

0

security

Wednesday 9 May 2018 (2018-05-09)

Types of SQL Injection

SQL Injection, also known as SQLi, is one of the most common vulnerabilities in web application. 🔗Goal of the article The goal of this article is not to explain what is an SQL injection or how they w

2017

0

security

Sunday 25 June 2017 (2017-06-25)

Client Side Certificate Authentication in Nginx with Elliptic Curve Cryptography

We will setup a client side certificate authentication in Nginx with Elliptic curve cryptography using ECDSA (curve secp384r1) for certificates and a self signed Certificate Authority (CA). Create Ser

2016

0

securitywindows

Monday 5 December 2016 (2016-12-05)

Privilege Escalation (EoP) on Windows Server 2012 via PowerShell (PS)

Download this powershell script and save it 39719.ps1. Open an unprivileged powershell terminal. Go to the folder location where you saved the script. Source the script: . .\39719.ps1. Then type Invo

0

securitywindows

Thursday 13 October 2016 (2016-10-13)

2 less known tricks of spoofing extensions on Windows

🔗Well-known tricks Malware often tries to hide itself from being an obvious executable. Windows malwares may: have crafted icons that are pretending to be real document files. use double extensions

0

security

Wednesday 21 September 2016 (2016-09-21)

Common upload flaws

If a remote web server let you upload and execute scripts so this is beginning to turn turn bad. Here are some common upload flaws: extensions blacklist double extensions MIME type Null Byte 🔗Exten

0

security

Saturday 9 July 2016 (2016-07-09)

Local File Inclusion (LFI) and Remote Code Execution (RCE) vulnerabilities for PHP

Local File Inclusion (LFI) is a type of vulnerability concerning web server. It allow an attacker to include a local file on the web server. It occurs due to the use of not properly sanitized user inp

0

security

Thursday 7 July 2016 (2016-07-07)

Nikto : protect your Apache server against a LFI vulnerability

🔗Goal How to protect your apache server against a LFI vulnerability that can be found with Nikto . 1/autohtml.php?op=modload&mainfile=x&name=/etc/passwd : php-proxima 6.0 and below allows arb

0

securitynews

Tuesday 21 June 2016 (2016-06-21)

Hardened Tor Browser with Selfrando

6 June 2016, the Tor Project announced a hardened version of Tor Browser: 6.5a1-hardened. Here some links: Download page for hardened builds (only avaible for Linux at this time). Distribution direct