Below you will find pages that utilize the taxonomy term “Hacker101”
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh, an open-source, free-to-use tool for security. He was looking at the tool to understand some of its inner functionality for his own projects, but when I was reviewing it with him I was impressed by its feature set.
First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
February 19, 2023
Intro to Cloudflare Zero Trust
Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.
February 15, 2023
Building a docker server
This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that they need to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expensive fast for passion projects or proofs of concept.
October 23, 2022
Introduction to Password Management
Every computer, social media platform, or online tool requires some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a handwritten log of passwords is not the most insecure means of password management?
Key requirements of credentials
Let’s start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.
October 23, 2022
Introduction to Phishing
In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, governments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review to avoid falling victim to criminals that may be targeting you.
What is Phishing?
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that, I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.
May 1, 2020
The Hacker Manifesto By The Mentor
Words of inspiration for many and an explanation to others who only see hackers as problems.
Maybe one day I’ll use this manifesto as a basis to write my own. First it’s important to dig deep and see what’s going on, then find how to put it into one clear document.
Copied from Phrack Magazine
<pre class="wp-block-preformatted">==Phrack Inc.== Volume One, Issue 7, Phile 3 of 10 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following was written shortly after my arrest.
June 27, 2019
Getting started in Infosec
On Wednesday, April 10th, Misec Lansing held a panel to discuss getting into infosec. Four members of the infosec community shared their stories and advice. I was honored to be on the panel with three others: Kyle Andrus, Melissa Terwilliger, and Brian Martinez. Check out the recorded presentation below to see everyone’s answers!
Transitioning from other disciplines to infosec, how should it be done?
There is no wrong way to get into infosec.
March 31, 2018
How to quickly get into infosec
A lot of people ask “How do I get into infosec?” but that is a tough question to answer. There is not one path to follow and there is not one destination either. However, if you ask anyone who’s already in the position you’re searching for, a common theme arises: years of experience or thousands of dollars for training. Until you’re able to join a company to pay for that training.
September 2, 2017
PHP Regex tutorial
Have you ever wondered how web applications do validation on forms? How does the app know when your input is really an email address? In most PHP applications, this is done using regular expressions (Regex).
I’ve previously posted about how to defend against XSS and SQL injection. Checking strings with a white list of allowed characters is one of the easiest changes a developer can make. Regex makes this easy in most programming languages.
September 16, 2015
Duo Security's 2FA
I hope you’ve been enjoying my posts. I know that writing these posts has been a good outlet for all I have learned over the last few years. This website is hosted on a VM, but it’s still a server that’s vulnerable to your everyday hacks. For instance, every day someone pings my server, finds the SSH port and attempts to brute force into it. Now while there’s nothing here for them to steal, there’s still 20GB of free internet storage for whatever they want and the only thing stopping that brute force attack is that they can’t guess my password.
March 2, 2015
The Kill Chain
This is an article about defending from attacks, but we can use it as the “7 steps of hacking”. This shows the basic categories of where we can exploit vulnerabilities. So use this for ideas as to how you can break into a network but beware because it’s also how people defend against us.
EDIT: Don’t get ahead of yourselves, if this looks completely foreign to you, keep working at things that are simpler.
February 19, 2015
Step 4: Get into the toy chest
If you’ve never played with BASH/terminal or you don’t know what Linux is, I suggest you read into that first before you get much further into hacking. Most of Kali’s toys are based off of the terminal, so in order to run them, you will be typing commands like “nmap -A http://your-ip-address”. This link is Offensive Security’s website where they have some awesome documentation about what’s available on Kali.
February 13, 2015
Step 3: Set Up Your Hacking Environment
Everyone wants to break into their neighbor’s wifi or steal someone’s password at Starbucks, but depending on national, state, and local law, even packet sniffing could be illegal. So how do we safely practice how to hack before we are ready to find Sony’s back door? We set up an environment for virtual machines on our local computer or server!
For those of you who don’t know what a Virtual Machine is, it’s a “computer” inside your computer.
February 4, 2015
Step 2: The Basics
Step 2: Learn the basics
Google and the internet are your friends. If you can’t take a class, there is a multitude of online resources you can use. Whether you’re trying to learn programming and use Stack Overflow or you’re learning about basic hacking skills and want to use Hacking Highschool, you really do need to have some understanding of how things work before you try to hack them.