September 2017 – Notes for me

Linux

Awesome .htaccess

This .htaccess blocks bots, search engine index, wget, curl, and access to itself. Enable via /etc/apache2/sites-available/whateversite.conf. <Directory “/var/www/html/whateversite”> AllowOverride All </Directory> .htaccess file. <Files .htaccess> deny from all </Files> RewriteEngine on RewriteBase / RewriteCond %{HTTP_USER_AGENT} AhrefsBot [OR] RewriteCond %{HTTP_USER_AGENT} Baiduspider [OR] RewriteCond %{HTTP_USER_AGENT} Ezooms [OR] RewriteCond %{HTTP_USER_AGENT} MJ12bot [OR] Read more…

By Matt Clemons, 7 yearsSeptember 28, 2017 ago

Networking

Defeating MITM

There are a number of things needed to stop ARP poisoning properly in a Cisco environment. DHCP snooping Trusted ports Dynamic ARP inspection A filter for static IPs DHCP snooping prevents rogue DHCP servers and is the groundwork for all this. It builds a database of bindings and specifies where Read more…

By Matt Clemons, 7 yearsSeptember 28, 2017 ago

Security

Optionsbleed – mod_security

It’s easy to stop Optionsbleed with mod_security, unless you need HTTP OPTIONS on your web server. If you’re using CRS, you can uncomment rule number 900200 in crs-setup.conf. The idea here is to only allow what needs to be allowed, and drop everything else. Of course, if you’re not using Read more…

By Matt Clemons, 7 yearsSeptember 21, 2017 ago

Programming

Malware Challenge

This challenge has two phases. The first one involves creative thinking and research. The second one is live malware and reversing. Instructions and hints are built in. Rules and things you’ll need: 1. You need an isolated environment with a Windows Vista/7/10 VM guest, and a snapshot. On the VM, Read more…

By Matt Clemons, 7 yearsSeptember 20, 2017 ago

Linux

DNS over HTTPS

Google and others have been working on implementing DNS over HTTPS. https://tools.ietf.org/id/draft-hoffman-dns-over-https-00.html This allows bypass of things like RPZ, DNS blackholes, and other protections. All the more reason to start thinking about SSL inspection. The right to privacy is understandable, but protecting users, assets, and data is more important. This Read more…

By Matt Clemons, 7 yearsSeptember 19, 2017 ago

Security

Struts CVEs 2017

Struts vulnerable ISOs. https://pentesterlab.com/exercises/s2-045 https://struts.apache.org/docs/s2-045.html – CVE-2017-5638 https://pentesterlab.com/exercises/s2-052 https://struts.apache.org/docs/s2-052.html – CVE-2017-9805 Pentesterlab has over 20 free labs where you can learn some techniques used for some pretty big vulns that happened over the past few years. Pro version is 20 bucks a month. Good to see someone doing this again. Read more…

By Matt Clemons, 7 yearsSeptember 19, 2017 ago

Security

MISP, Bro and RPZ

MISP is free and it’s one of the best threat sharing platforms I could find. The beauty of MISP is how easy it is to integrate with tools like bro, Snort, and RPZ. You can do API calls and pull in only the data that you want to either alert Read more…

By Matt Clemons, 7 yearsSeptember 8, 2017 ago

Networking

Zscaler

I’ve been comparing SSL decryption services and devices, and Zscaler is much more than that. It’s an all-in-one Content Filtering, SSL decrypting, DLP, Bandwidth controlling(quota), IPS, Malware preventing(including sandbox) awesome cloud based solution. AND, It works with mobile devices even if they’re roaming! The solution consists of GRE tunnels out Read more…

By Matt Clemons, 7 yearsSeptember 6, 2017 ago