From the Blog

Data Protection
Peter

Why Clickjacking is bad and some pentest firms are wrong

I work with a fair few ladies and gents who do bug bounties and while sitting on the beach during one of our hack on the beach sessions, I posed the question “How friggin evil is clickjacking, PoC or GTFO.” The challenge was set, and here is what we decided.

News
Peter

Linux Kernel Denies Service

Netflix researchers have uncovered four recent vulnerabilities in the FreeBSD and Linux kernels which may result in denial of service.

News
Peter

Google Calendar Attacks Unsuspecting Mobile Users!

A very sophisticated phishing attack targets Gmail users through fraudulent and unwelcome Google Calendar notifications. This campaign takes advantage of a single common default feature for people using Gmail on their smartphone: “Calendar invites automatically pop up on phones, prompting users to accept or decline them.”


Near Perfect SSH Configuration

On many vulnerability scans we see SSH being reported as a medium risk vulnerability due to insecure ciphers and poor configurations. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the service is linked through to a centralised password management solution such as Active Directory.


Securing Apache: security.conf

Apache is probably the most common web server in use, and despite there being well documented guides on how to secure Apache, we come across web server header issues and very poor SSL configurations on a daily basis. To aid in remediation, here is Peter Bassill’s recommended configuration for the Apache global security file, /etc/apache/conf-enabled/security.conf:

News
Peter

News Roundup for 28 June 2019

News roundup for 28 July 2019. As the world prepares for another mass worm invasion in the form of BlueKeep, we see more zero days, breaches of privacy and epic fails.
