Collaborate Disseminate
Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under … Continue reading Continue Clean-up of Compromised SolarWinds Software
If they are doing that to stop threat actors then they only halted the normal users …. and if they are doing that to hide secrets and hard coded passwords then they are only obstructing the pentesters and security researchers.
I can’t fi… Continue reading Why do routers manufacturer tend to encrypt the router config even though it would be helpful if customers could view and modify it on the go? [closed]
pfSense is a very popular free and open source firewall solution. It does not only provide classic firewall services but has plenty of features like VPN server or can offer DNS, DHCP, proxy services… and many more. pfSense is also proposed by some companies as a commercial service with support.
The post pfSense Firewall Configuration Audit with pfAudit appeared first on /dev/random.
Continue reading pfSense Firewall Configuration Audit with pfAudit
I have setup squid proxy on a CentOs server where I set forwarded_for to delete and denied request headers on the /etc/squid/squid.conf file. However, whilst connected to the proxy, if I visit http://ip-check.net/detect-proxy.php it still … Continue reading How to make Squid Proxy undetectable by ip-check.net?
A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts allowing remote code execut… Continue reading Shared Responsibility and Configuration Management in the Cloud: SecTor 2020
I’ve used cleanbrowsing.org as a DNS filter, created an administrator account, logged in into that account, changed my usual (admin) account to a normal user and set the new admin account with a long password that I can’t remember (copy pa… Continue reading Configuring a macbook for a specific case
Tripwire’s Brent Holder and Stephen Wood discuss recent study findings that provide a snapshot of what organizations are doing (and not doing) to secure their cloud. Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67 Stitcher: https://www… Continue reading Podcast Episode 9 – Cloud Misconfigurations: Simple Mistakes, Big Consequences
I want to run an automatic scan on a web application made with Angular and JSNode. On this one I have access to different types of accounts. On ZAP OWASP I can select the POST request, it detects the parameters in the request, I show it wh… Continue reading Auto-login to refresh token in Burp Suite 2
My router can be configured by going to 192.168.1.1:80 when connected either by WiFi or by Ethernet cable.
Can the same configuration web interface be accessed from the external interface (the public IP of the router)?
Some background:
I h… Continue reading Can a router be configured from outside the local network?
For security and privacy purposes, it’s best to keep WebRTC disabled if you aren’t using it. Firefox makes this easy by simply setting media.peerconnection.enabled to false.
Due to COVID-19, the use of teleconferencing has increased drama… Continue reading What, if anything, are the consequences of temporarily enabling and then disabling WebRTC in Firefox?