Trending
Docker is an incredibly popular platform to quickly create, deploy and host web applications, databases, and other business-critical solutions. The adoption of Docker continues to grow by companies and organizations, and raises an important question, how should users better secure their Docker containers? The process of securing Docker is multi-faceted and requires a procedural approach […] More
The OSSU curriculum is a complete education in computer science using online materials. It’s not merely for career training or professional development. It’s for those who want a proper, well-rounded grounding in concepts fundamental to all computing disciplines, and for those who have the discipline, will, and (most importantly!) good habits to obtain this education largely on their own, […] More
Learn how to secure web applications and databases Join us for our latest Linode LIVE series, Securing Commonly Used Web Apps. We’ve invited HackerSploit back for this two-part series covering securing your web pages, databases, and server management tools. When deploying web applications and services, security should be evaluated throughout. A solid understanding of the fundamentals […] More
Secure Your Personal Linux Servers with HackerSploit Event Website This 12-episode Linux Security series will work as a practical guide for anyone that wants to learn how to effectively secure their servers. At a high level, viewers will learn how to set up, secure, and audit Linux servers. HackerSploit: Linux Security Server Series Part 1 […] More
Installing Lynis Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening. Lynis is available as a package for most Linux distributions, we […] More
Fail2Ban is an intrusion prevention framework written in Python that protects Linux systems and servers from brute-force attacks. We can set up Fail2Ban to provide brute-force protection for SSH on our server, this will ensure that the server is secure from brute-force attacks and it also allows us to monitor the strength of the brute-force […] More
Welcome to the Cybertalk podcast! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below. Google form (Post your questions here): YouTube Channel: […] More
The OverTheWire Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. Link: https://overthewire.org/wargames/bandit/ This wargame is focused on Linux essentials and is a great way to learn and practice your Linux skills. Note for beginners This game, like most other games, is organized in […] More
Welcome to the Cybertalk podcast! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below. Google form (Post your questions here): YouTube Channel: […] More
In this walkthrough, I will be taking you through some intermediate Windows exploitation and privilege escalation. The machine we will be targeting is called Devel, this is an intermediate box that requires a good understanding of enumeration, generating payloads with Msfvenom and Windows privilege escalation. From the machine matrix, we are able to deduce that […] More
In this walkthrough, I will be taking you through the basics of Windows enumeration and exploitation. The machine we will be targeting is called Legacy, this is a fairly easy machine to exploit and is recommended for beginners to pentesting as it offers a quick and simple way to get your hands dirty with tools […] More
In this walkthrough, I will be taking you through the basics of Linux enumeration and exploitation. The machine we will be targeting is called Lame, this is a fairly easy machine to exploit and is recommended for beginners to pentesting as it offers a quick and simple way to get your hands dirty with tools […] More
This guide is aimed at helping you migrate your virtual machines from VirtualBox to VMware. By default, VirtualBox utilizes the VDI (Virtual Disk Image) format for storage, whereas VMware uses the VMDK format, this can make migrating from one hypervisor to another quite cumbersome as you will have to reinstall/reconfigure your VM’s. However, we can […] More
Nmap – Scan Timing & Performance Nmap allows you to speed up and slow down scans based on the type of environment you are working in or targeting. This is very important as you may be dealing with network/business-critical infrastructure that might not be able to handle heavy/noisy scans, on the other hand, you may […] More
About Kioptrix VM Image Challenges: The Kioptrix VM’s offer simple challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways […] More
The problem with Linux packages Software and package distribution on Linux has always been extremely fragmented, primarily because of the multiplicity of package managers like apt, yum, and pacman and app image solutions available to a user. This is because Linux distributions follow their own philosophy and as a result, will end up using a […] More
Welcome to the Cybertalk podcast! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below. Google form (Post your questions here): YouTube Channel: […] More
Exploiting Common Linux security flaws In this post, we will be taking a look at some common Linux security flaws, how they are exploited, and how to fix them and secure the server from future exploitation. We will be using all the information and the security policy we created in the previous section as a […] More
Developing a security policy A security policy is extremely important for companies and organizations as it outlines the various security threats that face the company and it’s assets and outlines the strategies to be implemented to mitigate these threats. What is a security policy? A security policy is a set of rules that outlines the […] More
Vulnerability Details: Release date: 14th October 2019 CVE ID: CVE-2019-14287 Affected Versions: Versions prior to <= 1.8.28 https://www.sudo.ws/alerts/minus_1_uid.html Brief description of the vulnerability The security policy bypass vulnerability that allows users on a Linux system to execute commands as root, while the user permissions in the sudoers file explicitly prevents these commands from […] More