The Ramblings of a Developer, Project Manager, Sys Admin and Tech Junkie
As some may know I run my home lab primarily on a beefy PowerEdge server running on VMWare’s free ESXi hypervisor. I also have some raspberry pi’s doing small tasks. Firstly why have a home lab at all? It’s great for learning new skills. A home lab provides an excellent opportunity to learn new skills…
Another day and another major CVE is uncovered. This is a nasty one. Libwebp is used to decode webp images, though not as popular as jpg, is still fairly common. The vulnerability has been fixed in the latest release. The vulnerability is a heap buffer overflow in it’s compression algorithm in earlier versions of Chrome(prior…
A deadly combination, with bad actors currently targeting badly maintained/secured instances of Microsoft SQL Server (MSSQL), of which there are many in the wild. Freeworld, like most ransomware’s it is designed to encrypt a user’s files to deny them access and asks for payment in order to restore. Files are appended with “.FreeWorldEncryption“. Contact details…
As you have probably gathered I am a big fan of virtualisation. Most of my home server/cyber lab is built on a Dell Poweredge server, allowing me to build and serve VMs, APIs, docker containers, etc. I am addicted to learning and playing with technology so a home lab was a no brainer. Spin up…
Introduction Web application security is of paramount importance in today’s digital landscape, with cyber threats becoming increasingly sophisticated. To safeguard sensitive data and maintain the trust of users, developers and security professionals need effective tools for identifying and mitigating vulnerabilities. In this blog post, we’ll introduce two popular web application security testing tools for beginners:…
Do you go around remembering trying to remember seldom used server details? What was that server name or IP again? We use connection managers for that sort of thing. But what if I’m away from my PC. One could use the built in ssh config file option and make it portable in some way, e.g.…
What was it? The Log4j flaw refers to a critical security vulnerability in the Apache Log4j library, which is a widely used Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, was discovered in December 2021. It allowed attackers to execute arbitrary code remotely by exploiting the way Log4j processed user-supplied data that included specially…
For any of us running servers it is critical that we keep on top of security. As soon as I provision a new server I receive hundreds of attacks, even before any website or front-facing service is installed on the server. Why? Because there are so many bots scanning IP ranges for machines to compromise.…
What is an SSL Cert? SSL stands for Secure Sockets Layer, a cryptographic method that was developed in the mid-90s to add a layer of encryption to web communications. You’ve probably seen that most we addresses take the form of http://website.com or https://website.com. The former is the usual, non-encrypted version and the latter is the…
755, 666, 777, What does it all mean? I don’t know what it is about this subject but many people are completely baffled by unix permissions, like 777, 666 and 755 particularly if one is used to using a PC or Mac but don’t have any unix or linux background. So why is it important for…