This is a quick chat from David Irvine, CEO of MadeSafe The world forces us to change. Private and public info is everywhere now. It was fine, till the companies started to map the data and use it to craft their algorithms. Server based infrastructure is the easiest way that Read more…
Building a PWA vuejs app with wordpress API – Part 1 The aim in this is to make an offline-first PWA with vuejs / axios / bootstrap using wordpress as a backend service.Secondary considerations are: using cordova to aid us in building an android, iOS and electron app Beginning Building Read more…
Os Detection Techniques Background information This is a list, with explanations for all the active and passive techniques I can find for remoteoperating system identification – there is a massive list of sources at the end. Background information: techniques Active fingerprinting – Active fingerprinting is the process of transmitting packets Read more…
I have decided to start studying towards a CISSP and / or an OSCP, as part of that I saw an excellent blog post recommending to go through a lot of CTF challenges from vulnhub.com. These are my Kioptrix walkthrough guides / findings and observations for each of the first Read more…
Spidering a web application using website crawler software in kali linux There are lots of tools to spider a web application (an companies which are based on this tech, eg google) short list of tools to help you spider a site (eg for creating a sitemap for SEO, or recon Read more…
This is a WordPress mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. (wikipedia) Read more…
What is a WAF A WAF is a web application firewall. A Web Application Firewall protects HTTP applications (eg websites) using a set of rules to protect against various common attacks, such as SQL Injection and Cross site scripting (XSS). Mod Security Web Application Firewall Mod_Security is an apache (and Read more…
Metasploit for website pentest using wmap. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll be using dvwa in vagrant as my target If you dont have Read more…
Remote Debugging PHP in Brackets with XDebug prereqs: This post assumes you already have: a working xdebug install Brackets How to get Xdebug working with Brackets? Open Brackets Goto the extensions tab (the second icon on the right pane) Search for ‘xdebug’ Click install Click close, click close again Click Read more…
Remote Debugging PHP in Eclipse with XDebug prereqs: 1) This post assumes you already have a working xdebug install2) Eclipse Configuring Eclipse and Xdebug Open Eclipse Inside Eclipse, goto preferences > php > debug > debuggers Change the debugger to xdebug Click configure Change the dropdown for “accept remote session Read more…
A comparison of service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
It turns out that coding in php on android is possible (even if its not as good as on a mac, linux or even windows). In this blog post I’ll go into some editors, IDE’s and other options for editing php code (and running a development LAMP stack) on your Read more…
Ad blocking on android using dns666. There are a ton of ad blocking apps on android, but dns666 is the best I’ve found after trying a number of them out – it works by setting a vpn back to your device and (selectively) routing all traffic through that vpn This Read more…
Laravel quickstart gist using craftable and existing database schema to generate models, etc from existing database schema. cd ~/git brew install nmp brew install nodejs curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer composer create-project –prefer-dist laravel/laravel exampletest “5.5.*” cd exampletest composer require –dev “xethron/migrations-generator” copy in .env file php Read more…
This is a short post detailing how to manually setup php fpm with apache on centos7. php fpm is a great solution (especially when used with nginx, but you may want to keep running apache while still having some of the benefits of fmp – you might even be running Read more…
This is a burpsuite beginners tutorial. Burpsuite is a collection of tools, written in Java used to perform various network security related tasks. Burpsuite can be used as a basic http proxy to intercept traffic for analysis and playback, a web application security scanner, a tool to perform automated attacks Read more…
Installing mariadb 10.2 mysql 5.7 in centos If you use the following method to install the latest mariadb, updates will be installed with the regular yum update commands! The first part is to add the mariadb official repo to your system. 1) firstly, create an empty file at /etc/yum.repos.d/mariadb.repo sudo Read more…
There are a couple of things you need for mining monero in osx using xmring: 1) A monero wallet (get one from mymonero.com) 2) Homebrew (brew.sh) mining monero in osx using xmring: dependencies You have to make sure you have homebrew installed (so that you can install the xmrig dependencies), Read more…
This is a short tutorial on dual booting windows and Kali on the Chuwi Hi10 Pro. Updated for Kali 2018.4 When I first wrote this post I seriously wouldn’t have recommended Kali on the Chuwi Hi10 Pro as an every-day system – Starting with 2018.01 and the 4.14 kernel it Read more…
Chuwi Hi10 Pro ultrabook tablet convertable surface – That’s some title, but I’m not sure how to describe my new machine. Its a tablet, but its also a laptop – it has a real keyboard and works exactly like a laptop, except you can remove the screen! It was a Read more…
This post has a collection of Linux commands for networking. There are basic linux network commands, advanced linux network commands and some centos network configuration commands, but I’ve tried to keep it to the point. jump to:Linux Network ConfigurationBasic Linux Network CommandsAdvanced Linux Network Commands Linux commands for Networking Configuration Read more…
Altcoins exploded in 2015. Minergate is a nice little site that offers various GUI clients for cpu and gpu mining. This is a short little post about mining altcoins in centos with minergate using the CLI client. Currently on minergate you can mine: Aeon [AEON] (aeon.cash) Bytecoin [BCN] (bytecoin.org) Bitcoin Read more…
How to install birdwatcher in kali linux Birdwatcher is an OSINT data analysis and data gathering tool for twitter. Birdwatcher has been designed to feel like metasploit or recon-ng, so should be familiar for anyone who has used those tools. Install birdwatcher in kali linux: Kali has ruby 2.2.x. by Read more…
There are a couple of different ways to install php7 on centos7 – Installing yum-plugin-replace and inline-replaceing the whole php subsystem seems to be the easiest way: You need to have a couple or yum repo’s enabled for this to work properly: webtactic and epel rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh Read more…
Configuring free ssl certs with letsencrypt in centos Using letsencrypt in centos requires a few modifications to your centos before you can run the letsencrypt client. The setup for vhosts in centos is different from the setup in debian based distros. This is how I modified my centos install to Read more…
Pihole on a raspberry pi – making a network wide advert blocker with a raspberry pi. I have a router using dnsmasq with adblocking setup on my router. I also have a raspberry pi (which was being used as a retropi machine). I also have a Pizero. My retropi setup Read more…
Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the Read more…
This post will explain ddwrt dnsmasq caching dns server configuration Using a ddwrt dnsmasq caching dns server lets machines in your LAN resolve DNS from a machine inside your local network, ultimately reducing the time to resolve an IP address from a domain name. If there is a result in Read more…
This post is a wapiti tutorial. You’ll find various wapiti options, how to import wapiti scan results into metasploit and how you can disable wapiti modules to speed up your scans. A basic one-liner command to get you started would be: More about the command line arguments: These basics will Read more…
This post will show you how to setup dnsmasq in order to serve dns requests for (multiple) internal domains – using dnsmasq as an internal DNS server. Using this setup you can also add block lists so that your entire network doesnt get adverts :D eg you can serve a Read more…
This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server) Read more…
Multiple ip addresses on one physical NIC. I have a gigabyte brix running esxi to host a few virtualised servers. I have one server for my web development. I have multiple apps that all require running on port 80. I have one physical network port. Fortunately, you can have multiple Read more…
Installing mongodb on centos7: To install the mongodb server in centos7 first you have to add the mongodb repo: vim /etc/yum.repos.d/mongodb.repo Paste this into the file: [mongodb] name=MongoDB Repository baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ gpgcheck=0 enabled=1 Next, update your yum database and install the mongodb server yum update && yum install mongodb-org mongodb-org-server Your Read more…
What is an sql injection attack? All websites process data entered by users. An input-validation attack is when unexpected user input is processed by a web server or database and an error occurs. What is an sql injection attack? “An SQL Injection Attack (SQLIA) occurs when an attacker attempts to Read more…
Linux / OSx commandline network host discovery This post contains Various ways to find the hosts in your network using commanline commands. For the following, it is assumed that: 192.168.1.0/24 is your whole network 192.168.1.255 is your broadcast address Replace with your own values (you can find these with ifconfig) Read more…
This post will show you how to mount a remote ssh filesystem as a ‘drive’ in osx using a bash script, osxfuse and brew. There are a few ways to go about this, all of them require a bit of setup and tweaking, But I found this to be the Read more…
This is a basic nikto tutorial for kali linux. It will get you started with nikto. For advanced usage, see ‘man nikto’ or http://cirt.net/nikto2-docs/ Nikto is a web application scanner – it will scan a web service and look for known vulnerabilities. It can be very useful to perform a Read more…