Os Detection Techniques Background information This is a list, with explanations for all the active and passive techniques I can find for remoteoperating system identification – there is a massive list of sources at the end. Background information: techniques Active fingerprinting – Active fingerprinting is the process of transmitting packets Read more…
It turns out that adding cordova to an existing vue app is pretty easy – if only I’d known this before trying at least 10 different ways: First, make sure your environment is setup npm install -g cordovanpm install -g @vue/cli clone your existing repo and cd to its folder Read more…
Spidering a web application using website crawler software in kali linux There are lots of tools to spider a web application (an companies which are based on this tech, eg google) short list of tools to help you spider a site (eg for creating a sitemap for SEO, or recon Read more…
This is a WordPress mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. (wikipedia) Read more…
What is a WAF A WAF is a web application firewall. A Web Application Firewall protects HTTP applications (eg websites) using a set of rules to protect against various common attacks, such as SQL Injection and Cross site scripting (XSS). Mod Security Web Application Firewall Mod_Security is an apache (and Read more…
Malware detection on Plesk systems using maldet and clamav Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that Read more…
This tutorial will show you how to make a Raspberry Pi hack tool by installing Kali on the Raspberry Pi – by the end of this guide you will have a Kali Raspberry Pi hacking tool with lots of tools ready for use! Install Kali on the Raspberry Pi Following Read more…
Metasploit for website pentest using wmap. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll be using dvwa in vagrant as my target If you dont have Read more…
My iPhone 6 plus was going slow, so I got a battery from ebay and followed the ifixit iPhone battery replacement tutorial – my phone is now much faster (it feels like a new phone again) starting – all my tools ready screen open screen detatched battery removed new battery Read more…
Metasploitable background: What is metasploitable? “Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.” Why do we need metasploitable? One of the problems you encounter when Read more…
A comparison of service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
building smart contracts in c# stratis – they have their own platform first they built a compiler in c# that compiles down to solidity first so instead they built a smart contracts platform thats .net from the ground up – they have a coin – they try to make it Read more…
This is a burpsuite beginners tutorial. Burpsuite is a collection of tools, written in Java used to perform various network security related tasks. Burpsuite can be used as a basic http proxy to intercept traffic for analysis and playback, a web application security scanner, a tool to perform automated attacks Read more…
This is a short post on how to setup a dvwa vagrant box for your testing. I recommend this method when installing and testing new tools (and even for developing tools of your own) – there are known vulnerabilities in this system, so you can use the scientific method while Read more…
At work we had a mac mini 2014 that needed an ssd harddrive upgrade. This post has a short video and some info on the process documenting how to remove the harddrive from a 2014 mac mini and install an ssd. You will need a few tools: guitar plectrum (to Read more…
Blackarch pacman package groups Install with pacman -S groupname to quickly install a bunch of tools in one command: This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf – this post is a copy-paste of that info – there are a lot of red-team things in the list, Read more…
Blackarch on the chuwi hi10pro – prereq’s a usb hub a usb flashdrive a usb mouse a usb wifi adaptor (at least for the initial setup) Download blackarch from https://blackarch.org/downloads.html write to a usb drive (I used Etcher to do this part) Plug into chuwi and boot – Press F7 Read more…
How to install birdwatcher in kali linux Birdwatcher is an OSINT data analysis and data gathering tool for twitter. Birdwatcher has been designed to feel like metasploit or recon-ng, so should be familiar for anyone who has used those tools. Install birdwatcher in kali linux: Kali has ruby 2.2.x. by Read more…
Keyword research for organic SEO used to be easy. You didn’t need any keyword research tools. Put up some content, let google index the content and watch in analytics as the search terms people used piled in. Then make sure you optimised for the keywords that provided the most results. Read more…
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many Read more…
Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the Read more…
I ordered a Pibow Ninja Coupe a few days ago, and got it delivered to work this morning. This post is full of photos, unboxing the case and assembling the case with the raspberry pi inside it! The case arrived at work this morning At home, waiting to be opened Read more…
My brother and his wife got me a raspberry pi for my birthday :D So far I haven’t decided what to do with it, But I have lots of ideas – I could turn it into a gameboy (though I already have a couple of handheld retro gaming machines – Read more…
This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server) Read more…
MetaSploit tutorial for beginners This MetaSploit tutorial for beginners is to be a starting guide for how to use MetaSploit. It assumes that you already have MetaSploit installed, or that you are running Kali / backtrack Linux. The basic concept of how to use MetaSploit is as follows:– Run msfconsole Read more…
Oracle forms overview. Oracle internet platform consists of 3 components: oracle application server (forms service + OC4J) oracle developer suite (forms developer + object navigator + form module) oracle database Oracle application server includes forms service – new generation of tools that allow devs to deploy new and existing forms Read more…
Since I released my first public wordpress theme (I have made lots of themes over the years, but have never released any as open-source) I decided I would share the build process for multiloquent theme – just incase anyone wanted to know. the tools I use: 1) eclipse (zend-php-eclipse) 2) Read more…
First: why should you link audit competitors? Second: who are your competitors and how to find them. Third: doing the link audit. Fourth: use the link audit to build links to your own site. why should you link audit competitors There are a few good reasons to do a link Read more…
We recently upgraded plesk to v11.0.9 at work We use an external DNS service, so dont need plesk to handle it for us. it turns out that there isnt a way to disable dns from the plesk panel. you can go to tools > DNS settings and turn DNS off Read more…
In osx when you install xcode, the commandline version of git is not automatically installed. This post will show you how to install git in osx. to install git, follow these instructions: 1) make sure you have installed xcode from the app store 2) open xcode 3) goto xcode > Read more…
I have a few posts already about twitter i spent a year recording my twitter activity to find patterns in what twitter users react to, and I have written about twitter management before. I have found a few more services that are noteworthy so I decided to list them here: Read more…
If your audio midi setup takes an age to load, and you get the message ‘the midi server cant be opened’ it might be to do with protools. i run protools 8 and osx lion. everything worked fine if I was plugged into my protools interface, but when the interface Read more…
Some cool SEO tools for you to try out – I’m always looking for SEO tools, the more tools I try out, the more I understand what the general consensus is amongst the SEO community as to what makes your site perform better. That said, there are always things to Read more…
RTAS (real time audio suite) plugins are plugins for protools systems. You can get free rtas plugins for protools if you know where to look. There are a lot of expensive plugins out there, and there are a lot of plugins that you get bundled with your protools systems. here Read more…
I recently got a blue microphones snowball mic. the snowball is an omnidirectional USB microphone with a built-in soundcard, so you only need a usb port for it to work. its an excellent mic for podcasting and the like, so I thought that id put up a review of it. Read more…
This will show you how to mount a remote directory in finder using sftp. (Mount sftp folder with finder). There is a link at the bottom to a post to mount any remote system you have ssh access to using homebrew. check that out if you like working with the Read more…
