Greetings, Occasionally with a very busy site, being behind a hefty web stack does not always have enough capacity to mitigate a significant surge in artificial (DoS) requests. Detecting and mitigating denial of service attacks is an important and time sensitive exercise that will determine the next mitigating steps that you may need to [...] Read More
Security Penetration Testing Series : SQL Injection
I am starting a series of blog posts that detail security related strategies, penetration testing and best practice methodologies. To start our series, I am going to delve into the world of SQL injection techniques and a general overview for those who are looking to learn a little more about this method of injection. [...] Read More
Integrate your custom IPTables script with Linux
A custom iptables script is sometimes necessary to work around the limitations of the Red Hat Enterprise Linux firewall configuration tool. Read More
Scheduled antivirus scans to prevent viral injections on user generated content
When dealing with high traffic sites, especially media based or community based sites, there is always the risk of javascript, virus, XSS or other malicious injection of badness when giving a community of users the ability to upload files to your site. There are several things to consider when evaluating all “points of entry” [...] Read More
Script to distribute SSH Keys across many servers
The idea behind this script is to have a centralized, highly secure and restricted key repository server. Each server in your environment would run this script to "pull" the updated key list from the central server. The script would run as a cron job and can run as often as you like. Ideally every 5-10 minutes would allow for quick key updates / distribution. Read More
Shell Script to Report On Hacking Attempts
It is always a good idea, when implementing open source firewall implementations (iptables, pf, etc.), to build in as much reporting and verbosity as possible. Somewhere along the line, we wrote a script to provide daily reports on intrusion attempts to penetrate our network -- this usually happens when someone exceeds certain connection thresholds. Read More
Network Audit Bash Script Using Netbios and Nmap
In order to quickly audit a network, I created this bash script to scan selected IPs, read from a configuration file, and compile a simple report to be emailed. The script can be modified to suit your needs, such as exporting the data to a database or perhaps an HTML report for a web based reporting site. Read More
Testing for weak SSL ciphers for security audits
Weak ciphers allow for an increased risk in encryption compromise, man-in-the-middle attacks and other related attack vectors. Read More
Detect ARP poisoning on LAN
Occasionally during security audits it may be necessary to check your LAN for rogue machines. All the potential rogue machine in your LAN needs to do is poison your ARP cache so that the cache thinks that the attacker is the router or the destination machine. Read More
Monitoring raw traffic on a Juniper Netscreen
Occasionally I will run into situations where the only way to definitively diagnose network related problems is to perform raw traffic dumps on a main internal / external interface. The reasons for needing to perform this could be anything. I thought I’d share the quick and easy steps to perform in order to do [...] Read More
