MetaSploit tutorial for beginners This (updated for 2021) MetaSploit tutorial for beginners is meant to be a starting guide on how to use MetaSploit if you have never used it before. It assumes that you already have MetaSploit installed and that it works, or that you are running Kali / Read more…
By now in out Building a PWA vuejs app with wordpress API journey, we have a basic vuejs app which can fetch data from a WordPress API using axios and can display the data.The aim of this Building a PWA vuejs app with wordpress API series, however is to build Read more…
talk by split experimentleaks.com use data to drive the decisions. A/B testing, multivariant – controlled experiments reduce external influences. it can allow us to distinguish from noise and real signal. measure ‘statistically significant’ detecting something meaningful. errors: false positives + false negatives design like you are right, test like you Read more…
Os Detection Techniques and OS fingerprinting Os Detection Techniques – Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection Techniques I can find for remote operating system identification – there is a massive list of sources at the end. Read more…
It turns out that adding cordova to an existing vue app is pretty easy. If only I’d known this before trying at least 10 different ways: First, make sure your environment is setup npm install -g cordovanpm install -g @vue/cli Clone your existing repo and cd to its folder git Read more…
Spidering a web application using website crawler software in kali linux There are lots of tools to spider a web application (an companies which are based on this tech, eg google) short list of tools to help you spider a site (eg for creating a sitemap for SEO, or recon Read more…
This is a WordPress Security mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. Read more…
What is a WAF A WAF is a web application firewall. A Web Application Firewall protects HTTP applications (eg websites) using a set of rules to protect against various common attacks, such as SQL Injection and Cross site scripting (XSS). Mod Security Web Application Firewall Mod_Security is an apache (and Read more…
Malware detection on Plesk systems using maldet and clamav Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that Read more…
This tutorial will show you how to make a Raspberry Pi hack tool by installing Kali on the Raspberry Pi – by the end of this guide you will have a Kali Raspberry Pi hacking tool with lots of tools ready for use! Install Kali on the Raspberry Pi Following Read more…
Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll Read more…
My iPhone 6 plus was going slow, so I got a battery from ebay and followed the ifixit iPhone battery replacement tutorial – my phone is now much faster (it feels like a new phone again) starting – all my tools ready screen open screen detatched battery removed new battery Read more…
Metasploitable background: What is metasploitable? “Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.” Why do we need metasploitable? One of the problems you encounter when Read more…
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, including application integration, Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
Making a WordPress Theme. From Scratch. Research + Information Architecture Introduction Making a new WordPress theme from scratch can seem daunting, but it’s pretty easy if you know the steps. This series will explore the techniques you need to employ to build a WordPress theme from scratch. In the series Read more…
building smart contracts in c# stratis – they have their own platform first they built a compiler in c# that compiles down to solidity first so instead they built a smart contracts platform thats .net from the ground up – they have a coin – they try to make it Read more…
This is a burp suite beginners tutorial. Burpsuite is a collection of tools, written in Java used to perform various network security related tasks. Burpsuite can be used as a basic http proxy to intercept traffic for analysis and playback, a web application security scanner, a tool to perform automated Read more…
This is a short post on how to setup a dvwa vagrant box for your testing. I recommend this method when installing and testing new tools (and even for developing tools of your own) – there are known vulnerabilities in this system, so you can use the scientific method while Read more…
At work we had a mac mini 2014 that needed an ssd harddrive upgrade. This post has a short video and some info on the process documenting how to remove the harddrive from a 2014 mac mini and install an ssd. You will need a few tools: guitar plectrum (to Read more…
Blackarch pacman package groups Install with pacman -S groupname to quickly install a bunch of tools in one command: This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf – this post is a copy-paste of that info – there are a lot of red-team things in the list, Read more…
Blackarch on the chuwi hi10pro – prereq’s a usb hub a usb flashdrive a usb mouse a usb wifi adaptor (at least for the initial setup) Download blackarch from https://blackarch.org/downloads.html write to a usb drive (I used Etcher to do this part) Plug into chuwi and boot – Press F7 Read more…
How to install birdwatcher in kali linux Birdwatcher is an OSINT data analysis and data gathering tool for twitter. Birdwatcher has been designed to feel like metasploit or recon-ng, so should be familiar for anyone who has used those tools. Install birdwatcher in kali linux: Kali has ruby 2.2.x. by Read more…
Keyword research for organic SEO used to be easy. You didn’t need any keyword research tools. Put up some content, let google index the content and watch in analytics as the search terms people used piled in. Then make sure you optimised for the keywords that provided the most results. Read more…
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many Read more…
Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the Read more…
I ordered a Pibow Ninja Coupe a few days ago, and got it delivered to work this morning. This post is full of photos, unboxing the case and assembling the case with the raspberry pi inside it! The case arrived at work this morning At home, waiting to be opened Read more…
My brother and his wife got me a raspberry pi for my birthday :D So far I haven’t decided what to do with it, But I have lots of ideas – I could turn it into a gameboy (though I already have a couple of handheld retro gaming machines – Read more…
This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server) Read more…
Jonathan Mitchell Portfolio About Me I have a BSc in Electronic Engineering, and an MSc in Advanced Computer Systems Development with Distinction. I was awarded the University Court Medal for excellence twice – in my PGDIP year, and in my MSc year. I am also a professional member of the Read more…
Oracle forms overview. Oracle internet platform consists of 3 components: oracle application server (forms service + OC4J) oracle developer suite (forms developer + object navigator + form module) oracle database Oracle application server includes forms service – new generation of tools that allow devs to deploy new and existing forms Read more…
Since I released my first public wordpress theme (I have made lots of themes over the years, but have never released any as open-source) I decided I would share the build process for multiloquent theme – just incase anyone wanted to know. the tools I use: 1) eclipse (zend-php-eclipse) 2) Read more…
First: why should you link audit competitors? Second: who are your competitors and how to find them. Third: doing the link audit. Fourth: use the link audit to build links to your own site. why should you link audit competitors There are a few good reasons to do a link Read more…
We recently upgraded plesk to v11.0.9 at work We use an external DNS service, so dont need plesk to handle it for us. it turns out that there isnt a way to disable dns from the plesk panel. you can go to tools > DNS settings and turn DNS off Read more…
In osx when you install xcode, the commandline version of git is not automatically installed. This post will show you how to install git in osx. to install git, follow these instructions: 1) make sure you have installed xcode from the app store 2) open xcode 3) goto xcode > Read more…
I have a few posts already about twitter i spent a year recording my twitter activity to find patterns in what twitter users react to, and I have written about twitter management before. I have found a few more services that are noteworthy so I decided to list them here: Read more…
If your audio midi setup takes an age to load, and you get the message ‘the midi server cant be opened’ it might be to do with protools. i run protools 8 and osx lion. everything worked fine if I was plugged into my protools interface, but when the interface Read more…
Some cool SEO tools for you to try out – I’m always looking for SEO tools, the more tools I try out, the more I understand what the general consensus is amongst the SEO community as to what makes your site perform better. That said, there are always things to Read more…
RTAS (real time audio suite) plugins are plugins for protools systems. You can get free rtas plugins for protools if you know where to look. There are a lot of expensive plugins out there, and there are a lot of plugins that you get bundled with your protools systems. here Read more…