Collaborate Disseminate
I’ve been reading about the new tls-crypt options for OpenVPN 2.4, but I’m not sure if I correctly understand it.
I’ve read the manual pages and the security overview for OpenVPN (which seems to be missing the tls-crypt opti… Continue reading OpenVPN’s new tls-crypt option
I found a reflected XSS in an application during a test, where I define the string passed to:
<script language=’JavaScript’>
document.location=’/this-is-my-input’
</script>
Some input sanitisation occurs, for i… Continue reading Prevent change of document.location, when injecting the document.location JavaScript command
I’m testing a VM from vulnhub and was able to enumerate samba shares with nmap –script smb-enum-shares -p445 <IP>.
The result tells me that there’s the share C:\tmp with read/write access for the guest user.
root@ka… Continue reading Accessing a samba share on a black box
I’ve found myself in a Windows environment recently and unable to use msfvenom or msfpescan, as I’m used to a linux environment.
I’ve tried to run these commands in the msfconsole in the GUI, but it states ” Permission denie… Continue reading How to run Msfvenom and Msfpescan on Windows [on hold]
How much does the choice of the domain registrar and the TLD impact the security of my information?
I’ve learned that some registrars will require more personal information than others. I even had a case where a registrar de… Continue reading Information security point of view when registering a domain and chosing a TLD
My webserver has been up for < 25 hours and has already been crawled for various default pages, just to name one /administrator/index.php.
I understand that this is very common and it’s not really an issue for me, as I have secured the… Continue reading Giving malicious crawlers and scripts a hard time
I’ve recently looked a bit into the MS vulnerability CVE-2012-0002/MS12-020, released in 2012.
In March 2012, Symantec posted a screenshot of a supposedly RCE PoC for the vulnerability, but today I still can’t find a decent … Continue reading Is there a RCE PoC for the CVE-2012-0002/MS12-020?