Data sets of the top 1 million Internet sites are simply compiled lists of web sites (or domains) that are found to have the most traffic. What follows are some of the most popular and well known data sets of the Top 1 Million Sites. Depending on the methodology used, the results can have significant […]
Building a network-based intrusion detection capability can be done in just 5 minutes. Install Suricata to monitor network traffic and look for security events that can indicate an attack or compromise. Suricata is based around the Snort IDS system, with a number of improvements. Suricata performs multi-threaded analysis, natively decode network streams, and assemble files […]
These three enumeration techniques are a very fast way to identify users of a WordPress installation. With valid usernames effective brute force attacks can be attempted to guess the password of the user accounts. WordPress User Enumeration via Author Archives Finding users by iterating through the author archives is a common technique that works in […]
As of December 2018 PHP 5 and 7.0 became End of Life. It is now July 2019 and up to 74% of PHP powered sites in the top 1 million are running software that is End of Life. This means there is no support and more importantly if new vulnerabilities are discovered, there will be […]
In the beginning there were Google Dorks, as far back as 2002 security researchers discovered specific Google queries revealed Internet-connected devices. Seventeen years later, it is still possible to find thousands of unsecured remotely accessible security cameras and printers via simple Google searches. Now, using search engines such as Shodan.io and Censys.io, it has become […]
CMS Detection Methodology The methodology used to determine the underlying technology of web sites is to search for specific strings within the HTML, or the HTTP Headers provided by the web server. For WordPress, our process is a simple matter of downloading the headers and page source from all sites in the Alexa top 1 […]
In this setup guide, we step through the process of getting OpenVAS (GVM) running on Kali 2019. Installing OpenVAS into a Kali-based system is made much easier by the inclusion of a quick setup script. When using Kali Linux for OpenVAS scanning, resource usage should always be taken into account. Whether running Kali in a […]
Practical SSH examples to take your remote system admin game to the next level. Commands and tips to not only use SSH but master ways to move around the network. Knowing a few ssh tricks will benefit any system administrator, network engineer or security professional.
Configuring two factor authentication on SSH is actually quite straightforward. Using Google Authenticator we can get setup and running in about 8 minutes. If we were to use another method such as a hardware based token we would have to wait for delivery of the token (for example YubiKey) - that would take way longer. […]
Practical tcpdump examples to lift your network troubleshooting and security testing game. Commands and tips to not only use tcpdump but master ways to know your network. Knowing tcpdump is an essential skill that will come in handy for any system administrator, network engineer or security professional.