REMEDIATION Guides

Remediation Guides

These remediation guides are a combination of materials we have gathered since 2006 and guides we have written from scratch as new vulnerabilities and exploits get released. 

If you feel there is a guide missing that would really benefit you, use the form at the bottom of the page to get in touch and let and us know. We typically get them added within seven days.

The remediation Guides

Howto VPn

In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

Read More »

How To Whatsapp Safely

WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.

Read More »

How To: Securing Zoom

In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.

Read More »

Near Perfect SSH Configuration

On many vulnerability scans we see SSH being reported as a medium risk vulnerability due to insecure ciphers and poor configurations. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the service is linked through to a centralised password management solution such as Active Directory.

Read More »

Securing Apache: security.conf

Apache is probably the most common webserver used and despite there being well documented guides on how to secure apache, we come across web server header issues and very poor SSL configurations on a daily basis. To aid in the remediation, here is Peter Bassill’s recommended configuration for the apache global security file, /etc/apache/conf-enabled/security.conf:

Read More »

Backup Script

Originally copied from https://voorburg.home.xs4all.nl/backup.html about 10 years ago. Still good.

Read More »

Fixing SMB Signing not required

Implementing SMB signing should be done with care. An excellent guide to implementing SMB signing can be found on Jose Barreto’s blog here. Should it ever vanish, I have copied it below.

Read More »

Web Application Potentially Vulnerable to Clickjacking

A very common issue seen in vulnerability scan reports and to an extent, on Penetration Tests. The risk posed by clickjacking varies by who you talk to. For example, Hacker1 say it isn’t important at all and can be ignored. We believe that as a vulnerability, it is simple stupid to ignore it. Especially as

Read More »

How To Upgrade to PHP 7

Introduction PHP 7, which was released on December 3, 2015, promises substantial speed improvements over previous versions of the language, along with new features like scalar type hinting. This guide explains how to quickly upgrade an Apache or Nginx web server running PHP 5.x (any release) to PHP 7. Warning: As with most major-version language releases,

Read More »

Fixing SSL Medium Strength Cipher Suites Supported

Nessus Summary Nessus Plugin ID: 42873 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Read More »

Fixing SSL Null Cipher Suites Supported

Nessus Summary Nessus Plugin ID: 66848 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix Null cipher suites is where a zero level

Read More »

Fixing Weak Cipher Suites

Nessus Summary Nessus ID: 26928 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer weak encryption.Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix This vulnerability is cased by a weak strength cipher being present in

Read More »

Fixing SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Nessus Summary Nessus ID: 65821 CVSS v3.0 Base Score: 2.6 Nessus Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its

Read More »

Fixing SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Nessus Summary Nessus ID: 69551 CVSS v3.0 Base Score: 1.4 Nessus Description At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048

Read More »

Get in touch

Do you have any questions or comments about our remediation guides? Or maybe you feel there are one or more remediation guides missings? Let us know using the form below.

We would like to keep you informed about our services. Please tick the options below to receive occasional updates via

Scroll to Top