Block automated scanners from scanning a website
Disclaimer# This post describes how to block automated scanners from scanning a website. Requirements# You will need: fail2ban nginx (another web server can work too but this will need some modificat
SQL Injection, also known as SQLi, is one of the most common vulnerabilities in web applications. Goal of the article# The goal of this article is not to explain what an SQL injection is or how they wo
We will set up client-side certificate authentication in Nginx with elliptic curve cryptography, using ECDSA (curve secp384r1) for certificates and a self-signed Certificate Authority (CA). Create Ser
Download this PowerShell script and save it as 39719.ps1. Open an unprivileged PowerShell terminal. Go to the folder location where you saved the script. Source the script: . .\39719.ps1. Then type Invo
Well-known tricks# Malware often tries to hide the fact that it is an executable. Windows malware may: have crafted icons that pretend to be real document files. use double extensions s
If a remote web server lets you upload and execute scripts, things are beginning to turn bad. Here are some common upload flaws: extensions blacklist double extensions MIME type Null Byte Extensi
Local File Inclusion (LFI) is a type of vulnerability affecting web servers. It allows an attacker to include a local file on the web server. It occurs due to the use of not properly sanitized user inp
Goal# How to protect your Apache server against an LFI vulnerability that can be found with Nikto. /autohtml.php?op=modload&mainfile=x&name=/etc/passwd : php-proxima 6.0 and below allows arbit
On 6 June 2016, the Tor Project announced a hardened version of Tor Browser: 6.5a1-hardened. Here are some links: Download page for hardened builds (only available for Linux at this time). Distribution direct
This how-to was made for Linux users. The user will need p7zip, exiv2 and optionally exif, exiftool, unzip. Create an AES-256 encrypted zip file# 7z (p7zip for Linux) can produce zip-format archives wi