Collaborate Disseminate
We have the following configuration of the /etc/network/interfaces file which was setup by somebody else on this system. It has worked well by allowing other systems on LAN (and the internet) to connect to an nginx/apache run server on tha… Continue reading Assigning static IP address other than 127.0.0.0/8 to loopback interface
Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules…
On the OWASP config file crs-setup.conf is the order of the config section SecAction important or can i order them differently from the example config file?
… Continue reading Is `SecAction` order important for an OWASP ModSecurity config file?
Recently I started creating a CTF challenge based on Drupal 8. I want to create a REST API parameter that will be vulnerable to SQLi. Even if this isn’t something I should ask for here, I decided to do it in case anyone who knows Drupal is… Continue reading Drupal 8 – Create REST API vulnerable to SQL Injection for CTF purposes
With millions working, learning and collaborating remotely due to COVID-19 challenges, there’s an explosion of remote endpoints running Zoom and other collaboration and productivity applications such as Outlook, Teams, Webex, Slack, Office 365 an… Continue reading Secure Remote Endpoints from Vulnerabilities in Video Conferencing & Productivity Applications like Zoom
We’re using argon2-jvm to use Argon2id on our Java TCP Server.
Because its argon2id instance is thread-safe, we plan to only create a single instance for the lifetime of our app and have each request handler call it whenever necessary (e…. Continue reading Configuring Argon2id for Multiple Threads
I read an article about how to use Argon2id in C# here.
Below is the code they wrote (slightly edited):
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Konscious.Sec… Continue reading Argon2id Configuration
A number of years ago now, still well into the 2000s, I was very naive. Especially in terms of computer security.
To make a long, painful story which I don’t even remember myself all too well, the basic gist is that I set up a FreeBSD ser… Continue reading Why did/does PostgreSQL, MongoDB and probably other database softwares allow such dangerous configurations?
What is the legal status of the old configuration file on the purchased used network equipment?
Is the sell of equipment equals to granting permissions to read/publish/resell the content (the configuration file) of that equipment?
Are c… Continue reading Legal status of configuration file from used network equipment [closed]
I’ve been asked to disable the use of all SSL, and TLS < TLS 1.2, globally on one of my Centos boxes. Its been suggested that I should be able to do this in the openssl library.
I’m reasonably familiar with SSL/TLS, ciphersuites, etc, … Continue reading How to globally disable protocols < TLS 1.2 at openssl library level
Is there anyway to export a configuration profile from an IOS device that you have root on? So I have a device with an MDM profile with login credentials for a wifi network, VPN, and email authentication certificates. Is ther… Continue reading Export IOS Certificates and Configuration Profiles