Collaborate Disseminate
This morning, talking to a colleague, we were discussing the correction of assigning a CVSS to a bad configuration. Specifically, we were discussing whether using HTTP instead of HTTPS should have an associated vector.
From … Continue reading Is it correct to assign a CVSS to a misconfiguration?
Pieces of web applications such as WordPress or moodle require to specify the URL that the user will provide in order to visit the site. For example, in moodle has the $CFG->wwwroot config parameter that takes the value of… Continue reading Why modern php web application requires to specify the application’s url?
I have REST server (Spring Boot) runs on Windows 10 and frontend which runs on IIS web server. I need to configure rules as secure as possible. Web-server and REST server runs on the same computer on the local network.
Appl… Continue reading Running application with minimal privileges on Win 10
I am a beginner with openssl but want to get rid of my ignorance. So I downloaded openssl from https://indy.fulgan.com/SSL/ for Windows. When I executed
openssl version -d
I get
OPENSSLDIR: “/usr/local/ssl”
Of course, s… Continue reading openssl version -d prints non existing directory. Should I be worried?
Truism: Doing security right, is subtle and full of snags for the clueless.
Concern: I haven’t ever set up a connection between 2 computers using RSA/SSH keys or certificates, in my life. Realistically, I’m very aware of the… Continue reading Step by step guide for doing Wireguard VPN security and setup properly, for Android phone to OPNSense/pfSense LAN
Is it so easy to hack mongodb database?
I created a mongodb database and added users. If I want to allow access only to these users I need to add the following parameters to the config file:
security:
authorization: enabl… Continue reading Is it so easy to hack mongodb database?
Like what I put in the boxes for “Static Addresses: Address, Netmask, Gateway”; and under the “wifi tab” like “Cloned mac address, Band”?
I recently installed openvas9 following this guide.
I can log into the web interface on port 4000 just fine, and I ran a scan on my metasploitable VM for testing, and it seems good. Now I wanted to import the results into met… Continue reading metasploit openvas plugin not connecting to OpenVAS9-Manager
the curl commend used to download the file
curl “http://192.168.1.1/html/management/downloadconfigfile.conf?RequestFile=/html/management/cfgfile.asp” -H “Cookie: SessionID_R3=dsadwdwqdasdwasdawd” –data “csrf_token=saddasdwa… Continue reading Is it possible to exfiltrate a router config file to server using csrf ajax?
When I tried logging into the interface of my router today, I noticed that it had the default username and password set. I want to change it given the obvious dangers it posed by exposing my home network. Should I just login … Continue reading Can I change the router username and password provided by the ISP? [on hold]