Running this command resulted in the list of ciphers which support rc4:
/usr/bin/openssl ciphers -v | grep -i "rc4"
What’s the easiest way and how to remove specifically ciphers that support rc4 that I need to execute or whe… Continue reading Way to remove rc4 from Linux Cipher Suites
Was thinking of using the Ambassador design pattern and filtering each request through Nginx with a WAF (mod_security or Naxsi) in reverse proxy and ACL, authentication and authorization to pod.
What are the best practices?
How to prevent "soft … Continue reading How to implement zero trust concept on a pod running in Kubernetes?
We would like to use a hardened rabbitmq3.8-alpine Docker Image and we could not find any resources about a hardened image nor information about how to harden a RabbitMQ container.
Among others, we would like to run the container as a no… Continue reading Harden RabbitMQ Docker Container
We would like to harden our Docker Image and remove redundant software from it. Our Devs and Ops asked to keep some Linux tools used for debugging on the containers running on our Kubernetes Prod environment.
I’ve read this post:
https://w… Continue reading Is it possible to run commands that exist only on the host on a docker container?
I recently started the Offensive Security AWAE course.
On their connectivity guide page, they warn about the hazards of connecting to their labs:
you will be exposing your computers’ VPN IP to other students taking the course with you. Du… Continue reading Secure a virtual machine during a lab exercise
Any security benefit to winmgmt operating outside of shared svchost processes via the command
winmgmt /standalonehost ?
As for security, yes, it is useful for changing wbem Authentication levels, which is changed by the command winmgmt /st… Continue reading Hardening WMI: Any security benefit to "winmgmt /standalonehost"?
Question #1 Does changing the Default Impersonation Level in WMI to "anonymous" or "identify" help mitigate against WMI exploitation, implants, and persistent threats on a local machine? If so, please explain why… and… Continue reading Hardening WMI: Any security benefit to changing Impersonation level & separately, setting ‘Winmgmt Standalonehost?’
So I have a small electronics project where I am using common Mifare Classic 1K NFC tags as a means of authentication. (Mifare DESFire is just too expensive)
I know these aren’t very secure so here are my ideas on improving on it.
Make C… Continue reading Hardening NFC tags for authentication
I am setting up a Privileged Access Workstation (PAW) to access a whitelist of websites. Currently I have been following this guide on GitHub by unassassinable and applying the latest Windows 10 security baselines.
Is there any documenta… Continue reading Setup guide for Privileged Access Workstation on Windows 10
After the second hack, we did all the necessary things written here – https://wordpress.org/support/article/hardening-wordpress/ , https://security.stackexchange.com/a/180925 and we also changed the file permission (wp-config.php to 400). … Continue reading My WP site just got hacked for the third time even after following WP hardening guidelines