Traffic mirroring in Linux

It comes in hand when analyzing traffic to forward a copy of the traffic to a specific IP where a machine is listening and running Wireshark & stuff. It’s very useful for routers that don’t have the capabilities to run network analysis tools (like DD-WRT). Just run the following commands replacing the field with the… Continue reading Traffic mirroring in Linux

Permanent IP forwarding in Linux

We usually do # echo 1 > /proc/sys/net/ipv4/ip_forward when we want to enable forwarding in Linux. If you want to make this change permanent, you need to edit the /etc/sysctl.conf file and add or uncomment the following line net.ipv4.ip_forward = 1

Password policies in Windows

To access the password policy in Windows just go to Start and type in the search box secpol.msc. Click on secpol and you’ll be presented with the security policy. Go to Account Policies, then click on Password Policy. The options, explained: History – how many passwords will Windows store (you won’t be able to reuse… Continue reading Password policies in Windows

OWASP Romania

If you are an English speaker, well, this is a post announcing and promoting the Romanian Chapter of OWASP. You can join your local chapter or the global effort of OWASP to improve information security. ### OWASP (The Open Web Application Security Project) are acum deschisa o organizatie locala si in Romania. Suntem in cautare de noi… Continue reading OWASP Romania

Techniques to play with custom and encrypted protocols

An interesting presentation from DEFCON20 provided by Elie Bursztein and Patrik Samy called “Fuzzing Online Games” touches areas of application security where traffic analysis is not enough to perform a penetration test. As stated by the authors: “In a nutshell the lack of direct access to the game server and having to deal with clients… Continue reading Techniques to play with custom and encrypted protocols

Webmin and Virtualmin installation on Debian

Now that we have a fresh and clean Debian installation we can proceed to Webmin and Virtualmin installation. Althou installing Apache, MySQL and other stuff needed for a web server by hand is not hard and you can find a lot of support I prefer installing Webmin and Virtualmin to ease the administrative tasks. If… Continue reading Webmin and Virtualmin installation on Debian

Install a clean Debian on Virtualbox

I don’t test my ‘ideas’ on live servers, nor do I keep unnecessary hardware around the house to play with them. So I use the other option in hand, a virtual machine. Despite the fact that this will be a VM installation of Debian, the idea for a very clean and basic installation is the… Continue reading Install a clean Debian on Virtualbox