Security

2WIRE router and strange default password choice

ATT Uverse 2Wire modem shows wireless network key anonymously

AWS Security Architecture work I've done

BSides Oklahoma 2017

Bypassing CSP XSS Protection

CAPTCHA used to cause worse security

CVE-2015-8503 SecurityCenter .audit File Upload Stored XSS

CVE-2019-5615 Rapid7 insightVM (Nexpose) clear text password exposure

CVE-2019-5630

Calix GigaSpire router and unexpected TR-069 listening port

Chapter I wrote for the OpenStack Security Guide

Compile Netcat on Windows using MinGW

Cracking Metasploitable2 Root Password Hash

Distributed rainbow table lookup of WPA passwords

Good explanation of when and why to use HMAC

Good site to find security tools

Google Spreadsheet Vuln - CSRF and JSON Hijacking allows data theft

Google domain phishing weakness

Hacking shell ioctl workaround

How OpenSSH checks for locked Linux accounts

How to port scan check for OpenVPN over UDP port

IPMI recent public vulnerabilities

Installing Linux (OpenWRT) on a home router with remote VPN access

LastPass security bug on Android

MFA (2FA) to Standalone Windows Pro Local Account via Remote Desktop (RDP)

Making App Password Changes Easier

McAfee Denial of Service bug I found

Mitigating attacks against FDE (BitLocker, TrueCrypt, etc) via Firewire, Thunderbolt, or DMA

Parallel ZIP password recovery program

Programming an attiny85 for BadUSB Rubber Ducky

Protecting against MITM and sslstrip attacks

Restrict YouTube in OpenWrt

Restricting HTTP methods in Java J2EE 6

Scanning your ftp server?

Secure SSL/TLS settings for Apache 2.4

Shadow IT In The Cloud

Slack announcement-only channel post restriction bypass

Stats from an SSH Honeypot

Test your DNS malware filter is blocking correctly

Tinkering with ISP autogenpassword ZyXel EMG2926-Q10A wifi router

Toggle drive readonly for ransomware protection

Unattended, Unlocked, Unprotected Terminals - User Security Training with USB Rubber Ducky

Understanding Cryptographic Key Sizes

Useful sites for security testing

Why suid scripts aren't safe

XSS (Cross-site Scripting) and Flash

aws-api-key-auto-rotator and InnoTech OKC presentation

reCAPTCHA weakened

sslstrip on OpenWRT (Linux) wireless router