Collaborate Disseminate
Truism: Doing security right, is subtle and full of snags for the clueless.
Concern: I haven’t ever set up a connection between 2 computers using RSA/SSH keys or certificates, in my life. Realistically, I’m very aware of the… Continue reading Step by step guide for doing Wireguard VPN security and setup properly, for Android phone to OPNSense/pfSense LAN
Is it so easy to hack mongodb database?
I created a mongodb database and added users. If I want to allow access only to these users I need to add the following parameters to the config file:
security:
authorization: enabl… Continue reading Is it so easy to hack mongodb database?
Like what I put in the boxes for “Static Addresses: Address, Netmask, Gateway”; and under the “wifi tab” like “Cloned mac address, Band”?
I recently installed openvas9 following this guide.
I can log into the web interface on port 4000 just fine, and I ran a scan on my metasploitable VM for testing, and it seems good. Now I wanted to import the results into met… Continue reading metasploit openvas plugin not connecting to OpenVAS9-Manager
the curl commend used to download the file
curl “http://192.168.1.1/html/management/downloadconfigfile.conf?RequestFile=/html/management/cfgfile.asp” -H “Cookie: SessionID_R3=dsadwdwqdasdwasdawd” –data “csrf_token=saddasdwa… Continue reading Is it possible to exfiltrate a router config file to server using csrf ajax?
When I tried logging into the interface of my router today, I noticed that it had the default username and password set. I want to change it given the obvious dangers it posed by exposing my home network. Should I just login … Continue reading Can I change the router username and password provided by the ISP? [on hold]
recently I noticed that OVAL definition files released by Ubuntu security team has changed significantly.
specifically, definition file for Ubuntu Xenial and above changed. they added 4 digits of zeroes before the last 3 dig… Continue reading Ubuntu OVAL ID format changed. for what reason?
I’m arguing with a colleague about the security of storing encrypted password on GitHub.
Our process is currently to commit a configuration file with environment variables including username and passwords. Username and passw… Continue reading Committing encrypted passwords but not usernames
I read recently about whether you should store your database passwords in config files, environment variables, docker secrets, etc. But if somebody can steal it from those places, then s/he can already inject code into your s… Continue reading Why would a hacker bother with stealing your database password?
In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As … Continue reading Malware: Three Industry Problems and How to Solve Them