Collaborate Disseminate
Is allow_url_fopen always a security risk or only when you let others to insert URL?
like when you want to set video stream links from your another server, and the only way to add new URL is from your Admin area, and the only… Continue reading Is allow_url_fopen always a security risk?
i have the XML configuration file of a sophos XG firewall. Nipper doesn’t support this device type. Any suggestions for other softwares that can do the same work as nipper? thank you
Continue reading Sophos XG Firewall Configuration Files Auditor
I have a web server with many virtual hosts, config files, etc.
I’d like to track all of my web server & PHP config files using Git and have them hosted on a public GitHub repository, as this will make managing and backi… Continue reading What are the security implications of publishing my web server & PHP config files?
I’m backing up some switches and I’m wondering if this config file should be kept secure. It is in binary so I do not know what it contains.
What do the config files contain?
Continue reading Do HP ProCurve 1810G Config files have password hashes or other sensitive info?
I am trying to intercept the https request, but I getting this error while searching anything in URL.it’s hitting my burp, but I can’t get any response after clicking forward button,it comes with this error. I did all cofiguration.
Coul… Continue reading Failed to connect to www.google.co.in:443 error in burp suite?
I recently am trying to find my windows password after seeing some anti-virus software asked for my Windows credentials for me to log into my computer. So I thought I might be able to reach my own credentials too.
After maki… Continue reading Cannot open System File in Windows 10
I am applying configuration management to a VPS hosted by a VPS hosting company. Changing the hosting company is not an option, unfortunately.
This VPS has the following properties:
when newly-imaged or re-imaged, it gener… Continue reading SSH to IP instead of to fully qualified hostname: does this reduce MITM risk?
In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on … Continue reading What is Configuration Drift?
I use Ubuntu 16.04 and I’ve installed SSHGuard (sudo apt-get install sshguard -y) to protect from Brute Force Attacks (BFAs) on whatever user.
From reading about the program in ArchLinux wikipedia and in the SSHguard website… Continue reading SSHguard: Does one to change any configuration for basic usage of the program?
A shell script (myscript) will be run as root, by cron. It reads IP addresses from a configuration file, and updates iptables to whitelist those IPs for inbound connections.
myscript uses a regexp (regular expression) to par… Continue reading Permissions for configuration file for program run as root that must be modifiable by SFTP