Install ModSecurity on Ubuntu (from source)

ModSecurity is an embeddable web application firewall (WAF). It can be installed as part of your existing web server infrastructure.

ModSecurity is available as a package for different Linux distributions, but these versions are often outdated. I installed ModSecurity from source on Ubuntu 12.0.4 LTS.

Start by downloading the source tarball from the ModSecurity website. The full code is available via GitHub and the links to the tarballs are available from the home page.


RFC1918 replies from public DNS servers

I was reading about DNS rebinding and how browsers protect us with DNS pinning.

I was curious how public DNS servers reply when you do a query for a host that is bound to an RFC1918 address.

DNS rebinding basically works as follows.

- Attackers control the DNS of a domain (‘www.example.com’);
- A user is lured (phishing, web comment, …) into visiting a site controlled by the attacker; the DNS response is a public IP

NMAP Open Service Scan – Open resolver test

From the CERT.be website: Open DNS resolvers are frequently being abused to conduct efficient DDoS attacks towards websites, infrastructure and services.

You can detect open resolvers on your network with a vulnerability information management tool (for example Qualys), via the Open Resolver Project or manually with an nmap command.

Keeping track of the different output files becomes more difficult if you have to do this often. I wrote a script that imports the nmap

STeBB – Web pen testing

STeBB (Security Testing Browser Bundle) is an all-in-one web security toolkit for web application security testers. Built over Mozilla Firefox, this Linux-based open source browser bundle comes with a vast array of awesome tools that help you secure your web application. STeBB runs in Debian-based Linux distributions and can be used to thoroughly security test web applications, especially for the OWASP Top 10 risks. Basically it’s a web pen

Analyze the network traffic of a TV

I recently bought a new Philips television 32PFL5008H/12. Most new televisions are ‘smart’ and this device is no different. It can connect to the Internet via a wired or wireless connection. I used the wired connection and disabled wireless. I also disabled most of the ‘smart’ features because they are not useful for my usage.

According to the included licenses this device is built on a Linux Kernel 3.0.13 and includes a number of open

tiny Web Url Scanner

For a new project I needed a tool that could scan a web server for the HTTP status code of different URLs and list the results in an easily parseable format. The URLs are typical Linux resources (e.g. the password file, the hostname, the services file, …) that could lead to disclosing sensitive system information.

There are already a number of tools that can achieve this but none really provided the output that I needed.

What is inside the Adobe hacked database file?

Adobe recently suffered a break-in where intruders were able to get hold of Adobe users’ data, containing email addresses, encrypted passwords, password hint names, etc.

This break-in was acknowledged by Adobe (note that the acknowledgement page from Adobe does not have a date or timestamp, at least not on Nov-17, it only mentions ‘recently’).

The posting on the Sophos blog by Paul Ducklin provides a very interesting overview of the cryptographic blunders made by Adobe.

Harvesting Facebook, Twitter and other web service accounts

This post demonstrates how relatively easy it is to set up a system that harvests user credentials (username and password) for different web services (Facebook, Twitter, Yahoo).

For this exercise we’ll use two machines:

- An end-user laptop or desktop with a browser;
- Kali Linux with a number of pentesting tools. The Kali Linux machine needs at least one network interface with an internet connection.

The exercise scenario involves three major steps:

Have

Password attacks against http web forms

Web applications have become important assets in a company’s infrastructure. If you need to do a penetration test, it is essential that you have a basic understanding of how to analyse and test these web applications.

Many, if not all, require some form of authentication. Sometimes this happens via Basic Authentication, where the user needs to enter credentials in some form of popup in the web browser. More often though the authentication happens via

Top 20 Free Digital Forensic Investigation Tools for SysAdmins

A list of 20 different digital forensic investigation tools. The list is taken from http://www.gfi.com/blog/top-20-free-digital-forensic-investigation-tools-for-sysadmins/.

Added this post as a reminder-to-self.

1. SANS SIFT
2. ProDiscover Basic
3. Volatility
4. The Sleuth Kit (+Autopsy)
5. FTK Imager
6. Linux ‘dd’
7. CAINE
8. Oxygen Forensic Suite 2013 Standard
9. Free Hex Editor Neo
10. Bulk Extractor
11. DEFT
12. Xplico
13. LastActivityView
14. Digital Forensic Framework
15. Mandiant RedLine
16. PlainSight
17. HxD
18. HELIX3 Free
19. NetSleuth
20. P2 eXplorer Free