people though ‘only girls have this’ and lots of people though it wasnt even a thing. everyone stood up when asked of they had experienced what was on screen Don’t believe everything you think. your self talk is killing you! write a list of all the negatives then write the Read more…
Jonny Brooks-Bartlett – Data Scientist at deliveroo They use predictive modelling and machine learning. Their hypothesis is “if they can show you more relevant places you will spend money” given a list of restaurants, can they rank them optimally how do they quantify that? how do you turn that into Read more…
In part 3 we will be looking at categories (or archives in wordpress terminology) At this point, its good to look into the wordpress API – fortunately there is excellent documentation available here: https://developer.wordpress.org/rest-api/ The specific endpoint we are interested in is the ‘post’ endpoint: https://developer.wordpress.org/rest-api/reference/categories/ The first edit we Read more…
Building a PWA vuejs app with wordpress API – Part 1 The aim in this is to make an offline-first PWA with vuejs / axios / bootstrap using wordpress as a backend service.Secondary considerations are: using cordova to aid us in building an android, iOS and electron app Beginning Building Read more…
Os Detection Techniques and OS fingerprinting Os Detection Techniques – Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection Techniques I can find for remote operating system identification – there is a massive list of sources at the end. Read more…
As part of CYBERUK19 I’m attending a day of talks and workshops aimed towards the SME community The first is from the NCSC giving an overview of the threats to small businesses (mainy skript kiddies and disgruntled former employees, which is fair enough) A little intro to the NCSC resources Read more…
I have decided to start studying towards a CISSP and / or an OSCP, as part of that I saw an excellent blog post recommending to go through a lot of CTF challenges from vulnhub.com. These are my Kioptrix walkthrough guides / findings and observations for each of the first Read more…
Spidering a web application using website crawler software in kali linux There are lots of tools to spider a web application (an companies which are based on this tech, eg google) short list of tools to help you spider a site (eg for creating a sitemap for SEO, or recon Read more…
This is a WordPress Security mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. Read more…
Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll Read more…
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, including application integration, Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
Ad blocking on android using dns666. There are a ton of ad blocking apps on android, but dns666 is the best I’ve found after trying a number of them out – it works by setting a vpn back to your device and (selectively) routing all traffic through that vpn This Read more…
This follows on from the previous laravel gist. it covers generating mdels, views and bootstrapping for controllers for pre-existing database tables.Useful if you have a few hundred tables and relationships in an existing database. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php composer global require Read more…
I joined a few older posts together (and redirected those old posts here) to create a single place for my public dns services list and instructions. Short list of IP addresses if you know what your doing google: 8.8.8.8 8.8.4.4 opendns: 208.67.222.222, 208.67.220.220 quad9 (IBM): 9.9.9.9 cloudflare: 1.1.1.1, 1.0.0.1 You Read more…
This post is a combination of previous posts about privacy settings in mac and ios. Safari do not track: Safari gives users the option to enable the ‘do not track’ feature. It’s easy to enable: safari > preferences > privacy > Ask websites not to track me Safari prevent cross-site Read more…
This is a burp suite beginners tutorial. Burpsuite is a collection of tools, written in Java used to perform various network security related tasks. Burpsuite can be used as a basic http proxy to intercept traffic for analysis and playback, a web application security scanner, a tool to perform automated Read more…
Installing mariadb 10.2 mysql 5.7 in centos If you use the following method to install the latest mariadb, updates will be installed with the regular yum update commands! The first part is to add the mariadb official repo to your system. 1) firstly, create an empty file at /etc/yum.repos.d/mariadb.repo sudo Read more…
There are a couple of things you need for mining monero in osx using xmring: 1) A monero wallet (get one from mymonero.com) 2) Homebrew (brew.sh) mining monero in osx using xmring: dependencies You have to make sure you have homebrew installed (so that you can install the xmrig dependencies), Read more…
Blackarch pacman package groups Install with pacman -S groupname to quickly install a bunch of tools in one command: This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf – this post is a copy-paste of that info – there are a lot of red-team things in the list, Read more…
I wrote a previous post about kali on the hi10, and promised a followup on Chuwi hi10 pro kali linux wifi fixes; here it is. The on-board wifi works out of the box in kali 2018.01 :D Kali chuwi hi10 pro wifi fix if you have just installed kali on Read more…
Altcoins exploded in 2015. Minergate is a nice little site that offers various GUI clients for cpu and gpu mining. This is a short little post about mining altcoins in centos with minergate using the CLI client. Currently on minergate you can mine: Aeon [AEON] (aeon.cash) Bytecoin [BCN] (bytecoin.org) Bitcoin Read more…
I just realised I dont have a post on how to install xdebug in centos7 with php7 and setting up xdebug and eclipse. Its a feature that I use every day, and I had assumed I already had a post, but when searching my site ) only found instructions for Read more…
When I ordered transparent buttons for my Gameboy Pocket, I alos picked up a set of transparent buttons for my Gameboy Advance. The set of buttons included shoulder buttons (L+R) A button, B button, D-pad, power switch and the side rail button things too! this set was perfect for my Read more…
My brother got me a BBC micro:bit for my birthday. I decided to have a play around with it to see what it can do – its a pretty good ecosystem – you can edit code in python, load it to the device using bluetooth from your mobile and its Read more…
Pihole on a raspberry pi – making a network wide advert blocker with a raspberry pi. I have a router using dnsmasq with adblocking setup on my router. I also have a raspberry pi (which was being used as a retropi machine). I also have a Pizero. My retropi setup Read more…
This post will show you how to use iptables on centos7. Centos7 has moved its firewall service to firewalld, away from iptables, but if you have been running centos for a while (I’ve been running iptables since I moved from ipchains), you will no doubt have a big list of Read more…
This post will explain ddwrt dnsmasq caching dns server configuration Using a ddwrt dnsmasq caching dns server lets machines in your LAN resolve DNS from a machine inside your local network, ultimately reducing the time to resolve an IP address from a domain name. If there is a result in Read more…
This post will show you how to setup dnsmasq in order to serve dns requests for (multiple) internal domains – using dnsmasq as an internal DNS server. Using this setup you can also add block lists so that your entire network doesnt get adverts :D eg you can serve a Read more…
This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server) Read more…
[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.0.47″][et_pb_row admin_label=”row” _builder_version=”3.0.48″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_text admin_label=”Text” _builder_version=”3.0.74″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”] This is a short post on Installing vagrant on centos 7. First, you need to download vagrant – head over to http://www.vagrantup.com/downloads and copy the url to the current vagrant package in Read more…
Installing mongodb on centos7: To install the mongodb server in centos7 first you have to add the mongodb repo: vim /etc/yum.repos.d/mongodb.repo Paste this into the file: [mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1 Next, update your yum database and install the mongodb server yum update && yum install mongodb-org mongodb-org-server Your Read more…
This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to Read more…
This tutorial is a basic Kali linux arachni tutorial: to get arachni up and running on your kali linux system and perform a basic scan. Arahni is a vulnerability scanner for web-apps, it is installed as part of kali-linux, their site is here Arachni via the command line Open a Read more…
This post will show you how to install phpcs and phpmd in sublime text on your mac: Following on from my post about using git and phpcs in brackets, I decided to try the same setup in sublime text. The first part is some background setup – installing phpcs and Read more…
This is a basic plecost tutorial. Plecost is a commandline utility that will scan your wordpress host and identify lots of information leaks that could potentially help crackers breaking in to your site. There is some information at iniqua labs, but its a little difficult to get to grips with. Read more…
MetaSploit tutorial for beginners This (updated for 2020) MetaSploit tutorial for beginners is meant to be a starting guide on how to use MetaSploit if you have never used it before. It assumes that you already have MetaSploit installed and that it works, or that you are running Kali / Read more…
Setting up brackets editor with git and phpcs with wordpress coding standard etc Brackets editor (brackets.io) is an editor that I’ve wanted to try out for a while now, but for it to be viable for me to use, I had to configure a few things: git in brackets editor Read more…
