cjitlal + sec   76

It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.
I spent two years trying to get someone to tamper with my laptop, so I could then detect it. Somewhere along the way, I realized this might never happen.
sec  toread  essay 
18 days ago by cjitlal
GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
sec  list 
july 2017 by cjitlal
7 Security Measures to Protect Your Servers | DigitalOcean
When setting up infrastructure, getting your applications up and running will often be your primary concern. However, making your applications function correctly without addressing the security needs of your infrastructure could have devastating co
DO  sec  tut 
september 2016 by cjitlal
Why ninety-day lifetimes for certificates? - Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
ssl  sec  encrypt  cert 
september 2016 by cjitlal
Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks | Ars Technica
"Off-path" attack means hackers can be anywhere with no man-in-the-middle needed.
toread  sec 
august 2016 by cjitlal
Privacy Tools - Encryption against global mass surveillance 🔒
You are being watched! Knowledge, encryption and privacy tools to protect you against global mass surveillance.
sec  tools  toread  hacks 
august 2016 by cjitlal
Building Yourself a DMZ
Eventually, if you get interested enough in information security, you are going to wonder what a DMZ is and why you should or should not have one. DMZ is a
tut  linux  sysadmin  networking  dmz  sec 
august 2016 by cjitlal
You can ask five different people what a stateful firewall is, and you're likely to get at least four answers. The truth is there are only a few types of f
tut  linux  firewall  sysadmin  sec 
august 2016 by cjitlal
Building a Professional Firewall with Linux and Iptables
My first position out of university was working as a firewall engineer for a large credit card processing company. It's where I learned the way of the pack
linux  firewall  sec  tut 
august 2016 by cjitlal
The Birthday Attack
The birthday attack is a statistical phenomenon relevant to information security (http://en.wikipedia.org/wiki/Information_security) tha
tut  sec  toread 
august 2016 by cjitlal
iptables is the packet filtering technology that's built into the 2.4 Linux kernel. It's what allows one to do firewalling, nating, and other cool stuff to
firewall  sec  sysadmin  tut  tools  unix  linux 
august 2016 by cjitlal
The Difference Between Red, Blue, and Purple Teams
There is some confusion about the definitions of Red, Blue, and Purple teams within Information Security. Here are my definitions and concepts associated w
tut  sec 
august 2016 by cjitlal
A Bettercap Tutorial
Sniffing (and performing MiTM on) network traffic is one of the security professional's foundational skills.
networking  sec  tut  toread  linux 
august 2016 by cjitlal
GitHub - FallibleInc/security-guide-for-developers: Security Guide for Developers
security-guide-for-developers - Security Guide for Developers
tut  sec  gh  doc  ref  webdev  sysadmin 
july 2016 by cjitlal
Penetration Testing Tools Cheat Sheet
Penetration testing tools cheat sheet, a high level overview / quick reference cheat sheet for penetration testing.
sec  cheat  sheet  ref  tut 
june 2016 by cjitlal
Coding, Learning and IT Security – Typosquatting programming language package managers
Edit: It seems that the blog post and the thesis caused quite some interest. Please contact me under the following mail address, since my mail server on this VPS is constantly down :/ tschachn [|[at]|] hu-berlin [[|dot|]] de. In this blog post I will show how: 17000 computers were forced to execute arbitrary code by typosquatting programming language packages/libraries; 50% of these installations were conducted with administrative rights; Even highly ...
sec  toread 
june 2016 by cjitlal
ngrep - network grep
Please note that ngrep relies upon the pcap library, which can be downloaded from tcpdump.org for the UNIX version and winpcap.org for the Win32 version. See the INSTALL.txt documentation contained inside the Source Package for more detailed installation instructions.

network  sec  mon  tools  sysadmin 
november 2015 by cjitlal
How Ashley Madison Hid Its Fembot Con From Users and Investigators
One of my colleagues is ex Bloomberg. He tells me there's only one thing I need to know about them: "25 million lines of Fortran!" Apparently they have 1500 coders firefighting, just keeping that legacy monster alive. And there's a good reason Bloomberg has those 1500 coders keeping those 25M lines of Fortran alive.…
ssay  toread  sec 
september 2015 by cjitlal
Why Security Experts Are Using an Ancient Email Format in 2015 | Motherboard
Command-line email clients are more secure simply by being simpler.
sec  email  tools  mutt 
september 2015 by cjitlal
World’s first (known) bootkit for OS X can permanently backdoor Macs | Ars Technica
Thunderstrike allows anyone with even brief access to install stealthy malware.
mac  sec 
january 2015 by cjitlal
iOS security hole allows attackers to poison already installed iPhone apps | Ars Technica
"Masque attack" could expose banking data, e-mails, and other sensitive data.
ios  sec 
november 2014 by cjitlal
lastpass/lastpass-cli · GitHub
lastpass-cli - LastPass command line interface tool
cli  tools  sec  pw  gh 
october 2014 by cjitlal
Create a USB Password Stealer to See How Secure Your Info Really Is
Slacking on password security can have horrific consequences. Even so, it's easy to lose track of how many are vulnerable. With just a couple of files, you can steal passwords from nearly everywhere they're stored on a victim's Windows PC, including your own, just to see how secure they really are.
sec  hacks  lifehacker  code 
october 2014 by cjitlal
