Education
Some friends and I did some testing this evening with TOX clients. We wanted to take a look at PERSEC/OPSEC considerations for using TOX. I also had a sneaky suspicion that it might out of the box leak more than people would appreciate (just a hunch and you don’t know until you test right!).
So, we setup a test. In the test we had:
Read more “Some TOX Clients Leak Egress IP addresses”
Education
Whilst the common person will largely link the words “hacker/hackers” to criminal the reality is hackers are scientists/artists/creators/ComputerOperators and the choice of being a criminal or not is down to actions and consequences. So the debate about if you identify as “hacker” does that make you a criminal, well it’s nonsense isn’t it. I could call myself a pony but it won’t make me one, much like I could call myself a criminal and I could be entirely law abiding.
Read more “Am I a criminal or am I a cybersecurity crime fighter?”
Guides
I was doing some WordPress foo on the site (I know right, shockingly I don’t want to hand craft a website and I’d rather be helping customers or really anything else really) and I came into this error when I was installing the wpforms plugins:
file_put_contents(/var/www/wordpress/wp-content/uploads/wpforms/cache/addons.json): failed to open stream: Permission denied in /var/www/wordpress/wp-content/plugins/wpforms-lite/src/Helpers/CacheBase.php on line 215
Education
Do you ever get the feeing you are being watched? What about listening to it? Do you ever talk about a subject and then see it appear in adverts despite never using a computer to search for it?
Well don’t worry there’s lots of reasons as to why this can occur, and whilst you might want to think someone is spying on you, the truth is they probably aren’t looking for you, but they might be harvesting your data.
Read more “Is my house spying on me?”
IOT
The digital explosion, the consumerization of technology and the world of internet connected fridges leads to a range of security and privacy risks.
There’s lots of work that’s occurred in this space, for example there is the : Code of Practice for Consumer IoT Security
Read more “IoT Security”
Threat Intel
Ransomware this, ransomware that! The problem is, you can be tired of the subject but that doesn’t mean the threat has gone away! So what are the currently active ransomware groups posting victims?
Well here’s a list of currently active group (Both Ransomware and Marketplaces) names who have ONLINE “DARK WEB” (TOR) hidden services online and who are posting victims or are markets:
Read more “Active Cybercrime Groups”
Threat Intel
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
Ok read all that good. What we are talking about here is signing a DNS zone to “assure” that the client is getting DNS responses from the right ZONE data. DNSSEC does not encrypt the conversation between DNS client and DNS server. It does enable the client to be able to check if the data it gets back is valid. In short what we are doing is validating that the “data” being returned is authorized and not tampered with.
Read more “DNSSEC – why not having a signed zone is almost never going to lead to you getting pwn3d”
Education
There are major questions that must be answered here!
Getting into Cyber
Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:
Now if you are going to GET INTO CYBER you need to have a range of things:
Right ok, so let’s get some Hacking Skills!
Head over to KALI LINUX and download KALI
Read more “How to get into Cyber? It’s EASY!”
Threat Intel
Thousands of ESXi hosts around (some of the) globe have been encrypted by cyber criminals. This post is a fast publish showing some of what has occurred, it’s impact and now includes limited remedial advice.
If you have been affected by this ransomware event there is an attempted recovery script by CISA
https://github.com/cisagov/ESXiArgs-Recover/blob/main/recover.sh
Read more “ESXiARGS Ransomware – Global Incident”