This article explains how to extract various Windows dumps of passwords from a target system. To follow along with this article, you’ll need to have administrative access to the target Windows machine, and any endpoint security will need to be tolerant of your activities. Any good AV will likely prevent
Read more
This article demonstrates how to use Ubuntu booted from a USB disk to do WIFI penetration testing. Why would you want to do this? If you have Windows on your laptop and need to use Aircrack-NG, you’ll need to fight with wireless adapter driver issues. So you’ll try Kali Linux
Read more
If you’re not filtering your internet traffic, you have a router, not a firewall. The good news is that most firewalls have features that can go a long way to protecting your IT and business resources. Let’s start with the different kinds of firewalls and their use-cases. A “packet filter”
Read more
This article demonstrates how to securely delete files and all content from a disk, and then attempt to recover files form that disk. Warning: There is a risk you’ll make a mistake and wipe the wrong disk. So be careful. Identify the disk you want to work with: lsblk For
Read more
This article walks you through the process of enforcing 2FA on Ubuntu using the Google Authenticator. All of these steps are completed on the system that you want 2FA to be enforced on. Important notes: * SSH key-based logins bypass the 2FA component of the login verification process. * Users
Read more
This article demonstrates how to configure HAProxy to use LetsEncrypt to automatically manage certificates ensuring that those on the Internet accessing servers behind your HAProxy are protected with SSL security. Here’s some important points before we get started: We’re using a Netgate pfSense firewall appliance in this example but pfSense
Read more
This article is focused on generating a CSR file, submitting it to a CA and using the resulting Certificate on Linux with Apache, Nginx and/or IIS on Windows. The Windows related steps continue on from the work required to get the Certificate ready for Linux. In other words, regardless of
Read more
Don’t bother trying to install OpenVAS. Instead, download the trial ISO image and use that. HowTo’s you’ve probably already read all discuss installing OpenVAS by compiling it yourself. It seems installing via package managers is a thing of the past. I hope this changes – or that i and so
Read more
This article demonstrates how to use Fail2Ban to block IP addresses attempting to compromise a WordPress instance via the login process. In this walk-through, we’re using CentOS 7 and FirewallD. Just be aware that if you’re using a caching service like CloudFlare, you can’t use this method because you’ll block
Read more
This article demonstrates how to install the new Tsunami vulnerability scanner on a Redhat-like machine such as Fedora or CentOS 8 and how to use it including an example script to scan multiple targets or subnets. Install Java: yum install java-*-openjdk-devel Download the Tsunami ZIP from here: https://github.com/google/tsunami-security-scanner/archive/master.zip Extract the
Read more