We will setup a client side certificate authentication in Nginx with Elliptic curve cryptography using ECDSA (curve secp384r1) for certificates and a self signed Certificate Authority (CA). Create Ser
Download this powershell script and save it 39719.ps1. Open an unprivileged powershell terminal. Go to the folder location where you saved the script. Source the script: . .\39719.ps1. Then type Invo
Well-known tricks# Malware often tries to hide itself from being an obvious executable. Windows malwares may: have crafted icons that are pretending to be real document files. use double extensions s
If a remote web server let you upload and execute scripts so this is beginning to turn turn bad. Here are some common upload flaws: extensions blacklist double extensions MIME type Null Byte Extensi
Local File Inclusion (LFI) is a type of vulnerability concerning web server. It allow an attacker to include a local file on the web server. It occurs due to the use of not properly sanitized user inp
Goal# How to protect your apache server against a LFI vulnerability that can be found with Nikto . 1/autohtml.php?op=modload&mainfile=x&name=/etc/passwd : php-proxima 6.0 and below allows arbi
6 June 2016, the Tor Project announced a hardened version of Tor Browser: 6.5a1-hardened. Here some links: Download page for hardened builds (only avaible for Linux at this time). Distribution direct
This how-to was made for Linux user. The user will need p7zip, exiv2 and optionally exif, exiftool, unzip. Create an AES-256 encrypted zip file# 7z (p7zip for Linux) can produce zip-format archives wi
The list of security related OS is now part of Rawsec's CyberSecurity Inventory!
Clipboard hijacking# It as been possible for a long time to use css (-9999px position trick) to append malicious content to the clipboard. Users doesn't notice anything and may execute unwanted comman