[NetSec] Keeping Authentication Tokens Safe

An authentication token should not be left as it is in the database; that's common sense. But, applying a heavy hashing algorithm to secure it, also doesn't make much sense. Why? Authentication token, if it is created properly (128bits etc), is already very secure by itself. And by its nature, it doesn't contain any username… Continue reading [NetSec] Keeping Authentication Tokens Safe

Advertisements

[CTF] CTFLearn.com – Basic Injection

Ok, here is the solution for the very basic SQL injection CTF located on https://web.ctflearn.com/web4/. When you load the page you see this: There is nothing to do here, except entering some inputs, which leads nowhere. So, I checked the source code of the webpage. Very simple stuff, but look at that comment line. I tried… Continue reading [CTF] CTFLearn.com – Basic Injection

[NetSec] Firewall Bursting

Firewalls these days are packed with wide range of UTM capabilities like IPS, anti-virus, application filtering and web filtering.  All these features might add huge constraint on the device itself, as they require higher CPU and memory resources than simple packet filtering by ip addresses and port numbers. This might become an even bigger problem… Continue reading [NetSec] Firewall Bursting

[NetSec] Beware of the “D” State

When you issue the top command on a Fortigate firewall, you see the states of the processes along with the other information such as CPU and memory usage. Here is an example: Run Time: 356 days, 7 hours and 13 minutes 13U, 0N, 22S, 65I; 15972T, 7794F, 1013KF ipsengine 12441 S < 27.4 1.0 ipsengine… Continue reading [NetSec] Beware of the “D” State

[WriteUp] – OVERTHEWIRE – LEVIATHAN

Level 0 ssh leviathan0@leviathan.labs.overthewire.org -p 2223 User / Pass : leviathan0 / leviathan0 leviathan0@leviathan:~$ ls -la total 28 drwxr-xr-x 4 leviathan0 leviathan0 4096 Aug 30 19:22 . drwxr-xr-x 11 root root 4096 Aug 30 19:22 .. drwxr-x--- 2 leviathan1 leviathan0 4096 Jun 15 11:38 .backup -rw-r--r-- 1 leviathan0 leviathan0 220 Apr 9 2014 .bash_logout -rw-r--r--… Continue reading [WriteUp] – OVERTHEWIRE – LEVIATHAN

[Retro] WiModem232 For The Amiga

Another glorious day for my beloved Amiga. Jim Drew is testing his new Amiga device called WiModem232, and it is a wireless modem for all Amigas via RS-232. As it is known, Amiga's serial port is fairly slow for today's standards, but fortunately, there are some serial device driver replacements which provide up to 115.2Kbps… Continue reading [Retro] WiModem232 For The Amiga