October 2024
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  

Categories

October 2024
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  

Spectre and Meltdown explained

By now, most of you have probably already heard of the biggest disaster in the history of IT – Meltdown and Spectre security vulnerabilities which affect all modern CPUs, from those in desktops and servers, to ones found in smartphones. Unfortunately, there’s much confusion about the level of threat we’re dealing with here, because […]

wireshark cmd

wireshark cmd

ip.dst==192.168.6.58 ip.src==192.168.6.58

ip.dst==192.168.6.58 and http ip.dst==192.168.6.58 and ssl

up vote 20 down vote Filtering IP Address in Wireshark:

(1)single IP filtering:

ip.addr==X.X.X.X

ip.src==X.X.X.X

ip.dst==X.X.X.X

(2)Multiple IP filtering based on logical conditions:

OR condition:

(ip.src==192.168.2.25)||(ip.dst==192.168.2.25)

AND condition:

(ip.src==192.168.2.25) && (ip.dst==74.125.236.16)

The filtering capabilities of Wireshark are very comprehensive. You can filter on just […]

Recovering Windows Password – Sticky Keys Technique

he “sticky keys” technique for resetting the password on a Windows system is described in many places around the web, but all tend to over-complicate the steps. I’m describing it here for my own reference, so I have a reminder of how it works.

The technique basically provides access to a command prompt from the […]

Remove logs after hack Linux

1.echo “unset MAILCHECK” >> /etc/profile 2.rm -rf /root/.bash_history 3.touch /root/.bash_history 4.history -r 5.cd /var/log > dmesg 6.cd /var/log > auth.log 7.cd /var/log > alternatives.log 8.cd /var/log > boot.log 9.cd /var/log > btmp 10.cd /var/log > cron 11.cd /var/log > cups 12.cd /var/log > daemon.log 13.cd /var/log > dpkg.log 14.cd /var/log > faillog 15.cd /var/log > […]

Vulnerability Scanners Review

ou might be looking for the article: Top 5 best Vulnerability Port scanners

I tested the following (trying to only list automated vulnerability scanners):

ISS Internet Security Systems SSS Shadow Security Scanner Retina eEye Nessus GFI Languard Network Security Scanner Qualys www.qualys.com Nstealth Security Scanner www.nstalker.com Nikto Whisker Infiltrator infiltration-systems.com Nscan

 

 

Free Trial […]

Web Server’s SSL Ciphers

How to Disable Weak SSL Protocols and Ciphers in IIS March 17th, 2011 Wayne Zimmerman

I recently undertook the process of moving websites to different servers here at work. This required that university networking group scan the new webserver with a tool called Nessus. Unfortunately this turned up several errors, all of them had to […]

The Web Security Glossary

Description The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to clarify the language used within the community. Complete Document [PDF] size: 140 kilobytes

Project leader: Robert Auger (contact @ webappsec org)

Abuse of Functionality: An attack technique that uses the […]

Web Application Security Scanner List

The following list of products and tools provide web application security scanner functionality. Note that the tools on this list are not being endorsed by the Web Application Security Consortium – any tool that provides web application security scanning functionality will be listed here. If you know of a tool that should be added to […]

Network Attacks

Network Attacks

Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.

Eavesdropping In general, the majority of network communications occur in an unsecured or “cleartext” format, which allows an attacker who has gained access to data paths in your […]

How To do “Man in Middle” Attack using Ettercap

How To do “Man in Middle” Attack using Ettercap

 

“Man in Middle” Attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire […]