The Ramblings of a Developer, Project Manager, Sys Admin and Tech Junkie
As some may know I run my home lab primarily on a beefy PowerEdge server running on VMWare’s free ESXi hypervisor. I also have some raspberry pi’s doing small tasks. Firstly why have a home lab at all? It’s great for learning new skills. A home lab provides an excellent opportunity to learn new skills…
Another day and another major CVE is uncovered. This is a nasty one. Libwebp is used to decode webp images, though not as popular as jpg, is still fairly common. The vulnerability has been fixed in the latest release. The vulnerability is a heap buffer overflow in it’s compression algorithm in earlier versions of Chrome(prior…
A deadly combination, with bad actors currently targeting badly maintained/secured instances of Microsoft SQL Server (MSSQL), of which there are many in the wild. Freeworld, like most ransomware’s it is designed to encrypt a user’s files to deny them access and asks for payment in order to restore. Files are appended with “.FreeWorldEncryption“. Contact details…
In the ever-evolving landscape of IT operations and infrastructure management, automation tools have emerged as the heroes of efficiency and consistency. Among these tools, Ansible stands tall, offering a wide array of functionalities to simplify complex tasks. One such feature, the lineinfile function, proves to be a valuable asset when it comes to managing files…
To set up Remote Desktop Protocol (RDP) on an Ubuntu system, you can use a program called “xrdp,” which allows you to access your Ubuntu desktop remotely from another computer. Here are the steps to install and configure RDP on Ubuntu: 1. Update your system: Open a terminal (Ctrl+Alt+T) and run the following commands to…
As you have probably gathered I am a big fan of virtualisation. Most of my home server/cyber lab is built on a Dell Poweredge server, allowing me to build and serve VMs, APIs, docker containers, etc. I am addicted to learning and playing with technology so a home lab was a no brainer. Spin up…
Critical Infrastructure at Risk as Thousands of VNC Instances Exposed
Introduction Web application security is of paramount importance in today’s digital landscape, with cyber threats becoming increasingly sophisticated. To safeguard sensitive data and maintain the trust of users, developers and security professionals need effective tools for identifying and mitigating vulnerabilities. In this blog post, we’ll introduce two popular web application security testing tools for beginners:…
Do you go around remembering trying to remember seldom used server details? What was that server name or IP again? We use connection managers for that sort of thing. But what if I’m away from my PC. One could use the built in ssh config file option and make it portable in some way, e.g.…
What was it? The Log4j flaw refers to a critical security vulnerability in the Apache Log4j library, which is a widely used Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, was discovered in December 2021. It allowed attackers to execute arbitrary code remotely by exploiting the way Log4j processed user-supplied data that included specially…