Category: Security
Let’s Encrypt? Let’s revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes
Tons of TLS certs need to be tossed immediately after Go snafu On Wednesday, March 4, Let’s Encrypt – the free, automated digital certificate authority – will briefly become Let’s Revoke, to undo the issuance of more than three million flawed HTTPS certs. In a post to the service’s online forum on Saturday, Jacob Hoffman-Andrews, senior staff…
What is Network Penetration Testing
This tutorial briefly explains what is network penetration testing, lists some of the main tools used to carry out pen tests and gives some practical examples in real scenarios. What is Network Penetration Testing? Outdated code, the addition of features, wrong configurations, or the development of innovative offensive methods may result in “weaknesses” exploitable by…
File carving tools
In computers, file carving consists of recovering and rebuilding, reconstructing or reassembling fragmented files after a disk was formatted, its filesystem or partition corrupted or damaged or the metadata of a file removed. All files contain metadata, metadata means: “data that provides information about other data”. Among more information, files metadata contains the location and…
Nmap scan specific udp port
This tutorial starts by showing how to carry out UDP scans and identify vulnerable candidates to execute RDDOS (Reflective Denial of Service) attacks. This tutorial is optimized for readers looking for a fast implementation. For a little theoretical information on the UDP protocol check the end of the article, you can also read Nmap Flags…
Email Header Analysis
Analyzing email headers is one of the most common tasks in computer forensics, and it can help us if we doubt the authenticity of an email sender. An example of professional practical use of a mail header analysis may be the assurance an indicated player in court was the sender or receiver of an email,…
Driftnet command tutorial and examples
Sniffing consists of intercepting packets through a network to get their content. When we share a network, intercepting the traffic going through it is pretty easy with a sniffer, that’s why protocol encryption such as https is so important, when traffic is unencrypted even credentials go in plain text and can be intercepted by attackers….
How to Detect if Your Linux System has been Hacked
When there is suspicion a system was hacked the only safe solution is to install everything from the beginning, especially if the target was a server or a device containing information exceeding the user or admin personal privacy. Yet you may follow some procedures to try to realize if your system was really hacked or…
Disable Unnecessary Services Debian Linux
This article aims to help you increase performance and decrease vulnerabilities by reducing the number of services at minimal level as possible. By reducing the services instructed in this tutorial, domestic users who need regular access to the internet shouldn’t experience problems but only improvements, even if not visible. This article is optimized for those…
Debian Firewall Setup Best Practices for Security
Restrictive vs Permissive Firewall Policies In addition to the syntax you need to know to manage a firewall, you will need to define the firewall’s tasks to decide what policy will be implemented. There are 2 main policies defining a firewall behavior, and different ways to implement them. When you add rules to accept or…
BlueTooth Security Risks
Security risks involving bluetooth vulnerabilities include techniques known as: bluebugging, bluesnarfing, bluejacking, denial of service and exploits for different holes. When a device is configured in discoverable an attacker may try to apply these techniques. Today mobile security was strongly increased and most attacks fail, yet sometimes security holes are discovered and new exploits emerge….