Category: Security

Let’s Encrypt? Let’s revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

Tons of TLS certs need to be tossed immediately after Go snafu

On Wednesday, March 4, Let’s Encrypt – the free, automated digital certificate authority – will briefly become Let’s Revoke, to undo the issuance of more than three million flawed HTTPS certs. In a post to the service’s online forum on Saturday, Jacob Hoffman-Andrews, senior staff…

What is Network Penetration Testing

This tutorial briefly explains what network penetration testing is, lists some of the main tools used to carry out pen tests, and gives some practical examples in real scenarios. What is Network Penetration Testing? Outdated code, the addition of features, wrong configurations, or the development of innovative offensive methods may result in “weaknesses” exploitable by…

File carving tools

In computing, file carving consists of recovering and reconstructing or reassembling fragmented files after a disk has been formatted, its filesystem or partition corrupted or damaged, or the metadata of a file removed. All files contain metadata, which means “data that provides information about other data”. Among other information, a file’s metadata contains the location and…

Nmap scan specific udp port

This tutorial starts by showing how to carry out UDP scans and identify vulnerable candidates to execute RDDOS (Reflective Denial of Service) attacks. This tutorial is optimized for readers looking for a fast implementation. For a little theoretical information on the UDP protocol, check the end of the article; you can also read Nmap Flags…

Email Header Analysis

Analyzing email headers is one of the most common tasks in computer forensics, and it can help us if we doubt the authenticity of an email sender. An example of a professional, practical use of mail header analysis may be the assurance that an indicated party in court was the sender or receiver of an email,…

Driftnet command tutorial and examples

Sniffing consists of intercepting packets on a network to get their content. When we share a network, intercepting the traffic going through it is pretty easy with a sniffer. That’s why protocol encryption such as HTTPS is so important: when traffic is unencrypted, even credentials go in plain text and can be intercepted by attackers…

Disable Unnecessary Services Debian Linux

This article aims to help you increase performance and decrease vulnerabilities by reducing the number of running services to the minimum possible. After disabling the services covered in this tutorial, domestic users who need regular access to the internet shouldn’t experience problems, only improvements, even if they are not visible. This article is optimized for those…

BlueTooth Security Risks

Security risks involving Bluetooth vulnerabilities include techniques known as bluebugging, bluesnarfing, bluejacking, denial of service and exploits for different holes. When a device is configured as discoverable, an attacker may try to apply these techniques. Today mobile security has been strongly increased and most attacks fail, yet sometimes security holes are discovered and new exploits emerge…