Using Yasuo to Scan for Vulnerable Web Apps

Streamline your Penetration Testing with Yasuo 0xsauby saw that he was repeating many common steps for detecting vulnerable web applications during penetration tests and decided to create a tool to automate that process. He later enlisted the help of logicalsec to enhance it. Yasuo also searches for far more vulnerabilities…

Create Your Own Security Lab - Project AVATAR

Tony Robinson, a.k.a. da_667 has created a guide you can use to set up your own Security Lab. He guides you through the setup with several different hypervisors. This is another post Kurt (kph) put me onto. da_667 covers deploying a pretty comprehensive lab environment in…

Add SSL to Your Server with LetsEncrypt for Free

Set up SSL on your server quickly and easily LetsEncrypt Configuring SSL on your server(s) can be tedious and can cost you money if you don't know about free, intuitive alternatives to the 'normal way' like LetsEncrypt. This is another cool utility Kurt (kph) told me about. Why use…

Using Your Modern Honeynet (MHN)

What you'll see when running a server and sensors In previous posts, I covered creating an MHN Server and deploying MHN Sensors. This post shows you some of MHN's capabilities. Server Side On the server, you can observe the following via the web interface. Map See a map updated near…

Deploying Modern Honeynet (MHN) Sensors

My last post was about deploying a MHN Server. This one is about deploying MHN Sensors which feed their data on real-time attacks to the server. To deploy a sensor, spin up an Ubuntu 16.04 reasonably secure Droplet. This should have been done during your server build, but make…

Deploying a Modern Honeynet (MHN) Server

Watch real-time attacks with a Modern Honeynet (MHN) Server and MHN sensors Honeypots are servers specifically designed to catch malicious traffic and users in action. Honeynets are networks for catching them. The Modern Honeynet project's goal is to make honeynets accessible to anyone willing to give them a try. Once…

Mitigate WannaCry Ransomware

WannaCry or WannaCrypt is encrypting many systems. Don't be a victim. Patch your systems WannaCry is ransomware that infects systems via a vulnerability that was patched in March, 2017, MS17-010. To protect yourself from the current version of WannaCry, patch all your systems immediately and make sure MS17-010 is applied.…

Create a Reasonably Secure Ubuntu Base Build

Generate a fairly secure Ubuntu virtual machine Many of my posts present things you may want to practice or do yourself. This article is about creating a reasonably secure Ubuntu base build on DigitalOcean. Once generated, you can save a snapshot you can then use over and over anytime you…

Using Lynis to Audit Linux Security

Audit your Linux Security with Lynis A friend of mine, Kurt (kph), recently brought an open source Linux security auditing tool called "Lynis" to my attention. Lynis is no doubt a play on Linus Torvalds' first name. Linus is the creator and maintainer of the Linux kernel. [update]…

Protect Your Windows and MAC From Ransomware

RansomWhere? for MAC and RansomFree for Windows help protect you from ransomware Ransomware is a growing problem. Protect yourself with knowledge and free tools. What is Ransomware? Ransomware is malicious software that infects your computer, encrypts your files, then demands a ransom to have the files unencrypted. Why do bad…