MetaSploit tutorial for beginners This (updated for 2021) MetaSploit tutorial for beginners is meant to be a starting guide on how to use MetaSploit if you have never used it before. It assumes that you already have MetaSploit installed and that it works, or that you are running Kali / Read more…
By now in out Building a PWA vuejs app with wordpress API journey, we have a basic vuejs app which can fetch data from a WordPress API using axios and can display the data.The aim of this Building a PWA vuejs app with wordpress API series, however is to build Read more…
Building a PWA vuejs app with wordpress API – Part 1 The aim in this is to make an offline-first PWA with vuejs / axios / bootstrap using wordpress as a backend service.Secondary considerations are: using cordova to aid us in building an android, iOS and electron app Beginning Building Read more…
Os Detection Techniques and OS fingerprinting Os Detection Techniques – Background information This is a list of Os Detection Techniques, with explanations for all the active and passive Os Detection Techniques I can find for remote operating system identification – there is a massive list of sources at the end. Read more…
I have decided to start studying towards a CISSP and / or an OSCP, as part of that I saw an excellent blog post recommending to go through a lot of CTF challenges from vulnhub.com. These are my Kioptrix walkthrough guides / findings and observations for each of the first Read more…
Spidering a web application using website crawler software in kali linux There are lots of tools to spider a web application (an companies which are based on this tech, eg google) short list of tools to help you spider a site (eg for creating a sitemap for SEO, or recon Read more…
This is a WordPress Security mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. Read more…
What is a WAF A WAF is a web application firewall. A Web Application Firewall protects HTTP applications (eg websites) using a set of rules to protect against various common attacks, such as SQL Injection and Cross site scripting (XSS). Mod Security Web Application Firewall Mod_Security is an apache (and Read more…
Malware detection on Plesk systems using maldet and clamav Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that Read more…
Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll Read more…
service-oriented architecture and frameworks IntroductionPapazoglou, (2003) organised SOA in four architectural layers: Service Foundations, Service Composition, Service Management and Service Engineering and outlined a host of technologies that could be utilised when developing and deploying an SOA system to overcome the challenges of a distributed enterprise system, including application integration, Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
It turns out that coding in php on android is possible (even if its not as good as on a mac, linux or even windows). In this blog post I’ll go into some editors, IDE’s and other options for editing php code (and running a development LAMP stack) on your Read more…
Making a WordPress Theme. From Scratch. Research + Information Architecture Introduction Making a new WordPress theme from scratch can seem daunting, but it’s pretty easy if you know the steps. This series will explore the techniques you need to employ to build a WordPress theme from scratch. In the series Read more…
Conversation Design for Google Assistant with Kimberly Harvey, Voice Interface Design, Google This is an excellent presentation about designing the interface to your system for use with google assistantThere are a lot of similarities betweeen UX / UI design for the web and UI/UX design for voice control (Thankfully I Read more…
This is a short post detailing how to manually setup php fpm with apache on centos7. php fpm is a great solution (especially when used with nginx, but you may want to keep running apache while still having some of the benefits of fmp – you might even be running Read more…
This is a burp suite beginners tutorial. Burpsuite is a collection of tools, written in Java used to perform various network security related tasks. Burpsuite can be used as a basic http proxy to intercept traffic for analysis and playback, a web application security scanner, a tool to perform automated Read more…
This is a simple Vega scanner tutorial for beginners on XSS scanning with vega scanner in kali linux. VEGA is an open-source web security scanner, written in java with a GUI. you can scan for XSS issues and can also scan for SQL injection vulnerabilities. In this short introduction tutorial Read more…
Tracking cryptocoin price changes can become difficult when you have more than a couple of coins. Fortunately there are a few altcoin exchanges and apps out there which can help you. I’ll do a breakdown of some of the apps I use. Blockfolio Blockfolio has a ton of data available, Read more…
I have a router running dd-wrt. sometimes the dd-wrt web ui crashes and you cant access the interface, but your WAN connection works, and you can still login via ssh On the dd-wrt command-line there are a couple of utilities available to let you start and stop services. If your Read more…
There are a couple of different ways to install php7 on centos7 – Installing yum-plugin-replace and inline-replaceing the whole php subsystem seems to be the easiest way: You need to have a couple or yum repo’s enabled for this to work properly: webtactic and epel rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh Read more…
Ive completed my MSc Thesis! I was awarded a grade A (81%) and an MSc with distinction :D The abstract from my thesis is below: SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many Read more…
Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the Read more…
This post is a wapiti tutorial. You’ll find various wapiti options, how to import wapiti scan results into metasploit and how you can disable wapiti modules to speed up your scans. A basic one-liner command to get you started would be: More about the command line arguments: These basics will Read more…
This post will show you how to setup dnsmasq in order to serve dns requests for (multiple) internal domains – using dnsmasq as an internal DNS server. Using this setup you can also add block lists so that your entire network doesnt get adverts :D eg you can serve a Read more…
This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server) Read more…
Multiple ip addresses on one physical NIC. I have a gigabyte brix running esxi to host a few virtualised servers. I have one server for my web development. I have multiple apps that all require running on port 80. I have one physical network port. Fortunately, you can have multiple Read more…
What is an sql injection attack? All websites process data entered by users. An input-validation attack is when unexpected user input is processed by a web server or database and an error occurs. What is an sql injection attack? “An SQL Injection Attack (SQLIA) occurs when an attacker attempts to Read more…
This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to Read more…
This tutorial is a basic Kali linux arachni tutorial: to get arachni up and running on your kali linux system and perform a basic scan. Arahni is a vulnerability scanner for web-apps, it is installed as part of kali-linux, their site is here Arachni via the command line Open a Read more…
This is a basic nikto tutorial for kali linux. It will get you started with nikto. For advanced usage, see ‘man nikto’ or the cirt website Nikto is a web application scanner – it will scan a web service and look for known vulnerabilities. It can be very useful to Read more…
Here is a selection of podcasts I subscribe to [RSS] PARANORMAL PODCAST [RSS] Practical Backpacking™ Podcast [RSS] Sasquatch Chronicles [RSS] The Unexplained with Howard Hughes [RSS] The Gralien Report [RSS] The Bigfoot Field Guide [RSS] The Linux Link Tech Show Itunes Feed [RSS] Ubuntu Podcast » MP3 [RSS] Coder Radio Read more…
Jonathan Mitchell Portfolio About Me I have a BSc in Electronic Engineering, and an MSc in Advanced Computer Systems Development with Distinction. I was awarded the University Court Medal for excellence twice – in my PGDIP year, and in my MSc year. I am also a professional member of the Read more…
Oracle forms overview. Oracle internet platform consists of 3 components: oracle application server (forms service + OC4J) oracle developer suite (forms developer + object navigator + form module) oracle database Oracle application server includes forms service – new generation of tools that allow devs to deploy new and existing forms Read more…
This is a very cool thing I just found in safari on osx mavericks. if you have your twitter account linked to your os [it asks you the first time you log in to twitter in safari] you will have a section in the sidebar when you open a new Read more…
While probably not the best platform to do web development on, an ipad can be used to create code for your website. I use my ipad mini (in emergencies) to fix code if needs be. there are lots of apps out there, but the ones I choose to help me Read more…
pentesterlab.com is a very cool site. its built with bootstrap too ;) they have various exercises and assets for those exercises available. each exercise has a vmware image, so you can download a copy of kali linux and load pentesterlabs vmware excercise and learn all sorts of cool things :) Read more…
The google plus app for iphone has been updated. now, rather than being just a wrapper to the mobile web version, it a native iphone app. it looks really good, and isnt slow any more!!
This will show you how to use spotlight to search google and display the results in chrome, firefox or any other browser 1) open safari 2) go to preferences > general 3) make sure ‘google’ is your preferred search engine. 4) make sure the browser you want to use to Read more…