Modern days IT needs are changed according to 80’s and 90’s. In the old days just operating IT was enough for success but today’s situation it is changed. We need to secure the IT environment to in order to be successful. There are different methodologies, standard, architectures to design, plan, implement, evolve the security of the corporates. Penetration tests provide very useful input and metrics for different type of the practical...
Windows ecosystem generally works with 3 party applications easily while installing and running them. This creates some risk especially for the novice users. Windows administrators generally want to restrict users applications and executables to make their operating system more secure. Windows recently launched a feature named AppLocker . As its name suggests it simply restricts the executables and applications those can run on the system or user account. Features Applocker provides...
Windows provides different tools to list and get information about processes. The task manager can be used to list and manage process. But task manager have limited capabilities. So if we are a pentester or system administrator who lives in deep water we can use process explorer for more functionality. Download Process explorer is provided as Sysinternal utilities and downloaded from following link as zipped file. https://download.sysinternals.com/files/ProcessExplorer.zip In order to...
Trusted Platform Module or TPM is an international standard for a secure cryptoprocessor. This standard is developed by Trusted Computing Group and standardized by International Organizational Standardization (ISO) and International Electrotechnical Commission (IEC) with number ISO/IEC 11889 in 2009. Versions TCG continues to revise the TPM specification. Latest version is released at October 2014 with number 2.0 Manufacturing TPM hardware is manufactured by different manufacturers. Important thing while buying and...
WordPress is very popular Content Management System (CMS). It is used by diverse range of users by different purposes and areas. This makes WordPress project very dynamic and rich. The security of the wordpress is important because of the its user base. There are also a lot of different plugins which can create security holes in the wordpress sites. In this tutorial we will look very good tool to scan...
limits.conf configuration file is used to limit user, domain, process related metrics. Limits.conf is related with pam_limits module. Configuration File There is configuration file named limits.conf and located at /etc/security/ . The default content of this file is like below.
#<domain> <type> <item> <value>
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
As we can see all configurations are commented so they are not effective. There is also a directory which is use to store configuration files in a separate files to maintain easily. This...
Ssh is a secure and popular protocol for managing different type of IT devices like Linux systems, Network devices etc. What makes ssh secure is the encryption of the network traffic. Network traffic is encrypted with different type of encryption algorithms. There is also user authentication done with encryption algorithms. These algorithms needs keys to operate. Keys are generally produced with auxiliary tools. ssh-keygen is defacto tool used by ssh...
In today IT world everything connected and a lot of data in being downloaded from internet or over networks. This may create some minor problems. The data downloaded may be corrupted or there may be some intruders in network and with man of the middle attack may change our files. There are different solutions for this but simplest and fastest solution is using hash algorithms to verify file integrity. There...
RSA is an algorithm used for Cryptography. It was patented until 2000 in USA (not whole world) where now it can be used freely. RSA has a lot of usage examples but it is mainly used for encryption of small pieces of data like key and Digital signatures. RSA is based integer factorization problem. As it is known that asymmetric ciphers are very slow against symmetric ciphers. So it is...
I have an application and I have complex requests tot the server. There are a lot of database operations. Managing them can become very hard some times. In this situation how can I prevent sql injection attacks to my application. Use Prepared Statements Prepared statements are the way to bind client side provided values with database queries. Prepared Data Object (PDO) acts middle proxy and prevents sql injections. PDO is...