philjr + security   154

Penetration Testing Cheat Sheet For Windows Machine
In the event that your Windows machine has been compromised or for any other reason, this cheat sheet is intended to help.Penetration Testing Cheat Sheet
cheatsheet  security  windows 
7 days ago by philjr
FedRAMP Templates | FedRAMP
Readiness Assessment Phase Template Download Updated The FedRAMP High RAR Template and its underlying assessment are intended to enable FedRAMP
government  infosec  security  IT  templates  @wa 
4 weeks ago by philjr
Treason Against the United States. -
By Section 110 of Article III. of the Constitution of the United States, it is declared that:
politics  security  history  1861  espionage  Government  law  legal  vocabulary 
5 weeks ago by philjr
Extreme Security Measures for the Extra Paranoid
You've covered the basics. You've checked off the more-than-basics. But you still can't fight a nagging feeling that it's not quite enough. At a certain point, if a nation-state wants to compromise your devices or your privacy badly enough, it's going to find a way. You can at least make it harder for them. Here are a few measures designed to do just that.
security  Advice  via:SecurityFeed 
5 weeks ago by philjr
Yubikey and SSH via PAM
The purpose of this document is to guide readers through the configuration steps to use two factor authentication for SSH using Yubikey. This document assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform.
guide  how-to  security  yubico  yubikey  linux  pam  authentication 
6 weeks ago by philjr
How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04 | DigitalOcean
In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on Ubuntu 14.04—that is, Elasticsearch 2.2.x, Logstash 2.2.x, and Kibana 4.4.x. We will also show you how to configure it to gather and visualize the syslogs of your sys
devops  logging  tutorial  logstash  Sys_Admin  security  how-to 
8 weeks ago by philjr
File audit script : PowerShell
I posted on this yesterday and I want to base this around event ID 5145 This doesn't work, I can't get the replace.value piece to work. I enable...
powershell  code  example  security  script 
8 weeks ago by philjr
Digital Ocean

How To Install and Configure OpenLDAP and phpLDAPadmin on Ubuntu 16.04
how-to  security  ldap  linux 
october 2017 by philjr
Equifax Breach Fallout: Your Salary History
At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.
security  via:SecurityFeed 
october 2017 by philjr
Testing U2F Security Keys
Security Keys implement the FIDO U2F spec, which borrows a lot from ISO 7816-4. Each possible transport (i.e. USB, NFC, or Bluetooth) has its own spec for how to encapsulate the U2F messages over that transport (e.g. here's the USB one). FIDO is working on much more complex (and more capable) second versions of these specs, but currently all security keys implement the basic ones...
security  via:SecurityFeed 
october 2017 by philjr
So, Equifax says your data was hacked—now what? | Ars Technica
143 million now face identity theft threat, so here's what to do if you're one of them.
money  government  security  privacy 
september 2017 by philjr
European Court Limits Employers’ Right to Monitor Workers
Europe’s human rights court on Tuesday limited the ability of companies to read employees’ email, overturning an earlier ruling that seemed to give them broad leeway in monitoring workplace communications.
security  Government  politics  privacy  business  via:SecurityFeed 
september 2017 by philjr
How to Record Calls on Your Smartphone | WIRED
We look at TapeACall, Google Voice, and other software and hardware options.
how-to  security  smartphone  phones 
august 2017 by philjr
How to Switch UAC Levels with scripts
Includes a SwitchUACLevel PowerShell module
(UAC = User Account Controls; ie: the annoying prompts.)
security  powershell  script  sysadmin 
july 2017 by philjr
Python Secure FTP module
Overview In the previous post we covered the ftplib module in Python, which you can read more about here. In ...
python  tutorial  security  network 
july 2017 by philjr
Does my site need HTTPS?
"But my site doesn't have forms or collect information from users."

Doesn't matter. HTTPS protects more than just form data! HTTPS keeps the URLs, headers, and contents of all transferred pages confidential.

"There's nothing sensitive on my site anyway."

Your site is a liability! Just because your site is hosted safely in your account doesn't mean it won't travel through cables and boxes controlled by who knows how many corporate- and state-owned entities. Do you really want someone injecting scripts, images, or ad content onto your page so that it looks like you put them there? Or changing the words on your page? Or using your site to attack other sites? This stuff happens: on airlines (a lot, and again), in China, even ISPs do it (a lot). And HTTPS prevents all of it. It guarantees content integrity and the ability to detect tampering. If we encrypt only secret content, then we automatically paint a target on those transmissions. Keep which of your transmissions contain secrets secret by encrypting everything.

"The site is HTTP, but our forms are submitted over HTTPS."

This is as bad as not using any HTTPS at all! All the attacker has to do is change the link or form action to a URL on his/her own server. There's no way to detect this because it happens over the wire with plain HTTP. Encrypt the WHOLE site and redirect HTTP to HTTPS.
security  webdev  via:popular 
july 2017 by philjr
Company fired an employee, he shut down water utility providers' networks
A former employee was sentenced to one year and one day in prison for damaging the IT networks of several water utility providers across the US East Coast.
security  via:SecurityFeed 
june 2017 by philjr
DRA firm left 1.1 TB of data unsecured on an Amazon S3, 198 million US voter records exposed
Chris Vickery revealed the DRA firm used by the GOP left 1.1 TB of data unsecured on an Amazon S3, 198 million US voter records exposed.
security  politics  via:SecurityFeed 
june 2017 by philjr
Travel (Linux) laptop setup -
The Linux Foundation Open Source Summit is happening in Beijing next week, and some of the topics I've had to cover in my capacity as "the security person" were from members of the IT staff asking my advice about the best strategy for bringing laptops and being able to do work while in China. This is a quick write-up covering my recommendations that others can hopefully benefit from. It is not too China-specific and can be used for any other international conference travel.
via:popular  advice  precautions  best  practices  travel  security  laptop 
june 2017 by philjr
Errata Security: How The Intercept Outed Reality Winner
The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

In this post, I show how.
security  Printers  privacy 
june 2017 by philjr
EFF: List of Printers Which Do or Do Not Display Tracking Dots

(Added 2015) Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. Although we still don't know if this is correct, or how subsequent generations of forensic tracking technologies might work, it is probably safest to assume that <b>all</b> modern color laser printers do include some form of tracking information that associates documents with the printer's serial number. (If any manufacturer wishes to go on record with a statement to the contrary, we'll be happy to publish that here.)

This is a list of color laser printer models that do or do not print yellow tracking dots on their output.
security  Printers  reference  privacy  Government 
june 2017 by philjr
FBI Releases Article on Protecting Business Email Systems
The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters.
security  Government  via:SecurityFeed 
june 2017 by philjr
« earlier      
per page:    204080120160

related tags

!lol  1password  2fa  @automation  @comparison  @keyboard_maestro  @ranking  @wa  advice  amazon  analysis  analytics  android  api  apple  Apps  aps  arc  article  authentication  authorization  awesome  aws  best  best-practices  bestpractices  bitcoin  blog  botnet  breach  browser  bsd  business  cheatsheet  checklist  cis269  citizenlab  cloud  code  codinghorror  comparison  compromised  console  container  containers  conversion  converter  corpus  crack  cryptography  csv  culture  cybersecurity  data  database  dataBrokers  DBA  ddos  dev  development  devops  DNS  docker  dockerhub  dropbox  eff  election  email  embedded  encrypted  encryption  espionage  example  examples  excel  facebook  Feedly  filesharing  firewall  github  glitch_video  gmail  go  google  government  govtech  guide  hack  hacked  Hacking  hardware  history  horrorstories  how-to  howto  html  humor  iam  identity  ifttt  infosec  injection  Instapaper  intel  internet  iOS  iot  IT  javascript  k8s  kernel  kubernetes  laptop  law  ldap  legal  linux  logging  logstash  mac  macos  malware  manuals  mobile  money  Mozilla  netsec  network  networking  news  Nginx  nist  nsa  oauth  oauth2  openssh  ops  osx  pam  password  passwords  pentest  pentesting  performance  phones  politics  ports  powershell  practices  precautions  Printers  privacy  programming  Projects  python  quote  random  ransomware  raspberrypi  reference  review  Root  router  russia  script  secrets  security  site  smartphone  software  spooks  sql  sql-injection  ssh  starwars  storage  surveillance  sysadmin  sysinternals  sys_admin  tech  technology  templates  tool  tools  tracking  travel  troubleshooting  tutorial  ubuntu  UI  utility  vaneck  via:amy  via:garyleatherman  via:popular  via:SecurityFeed  via:tremendo  via:WickedGood  vm  vocabulary  voting  vpn  web  webdev  web_dev  wifi  windows  wireless  wpa2  yubico  yubikey 

Copy this bookmark: