GoPhish as a service over SSL on Ubuntu

Recently I needed to set up a GoPhish instance which needed to run as a service and also present its landing page via a fully qualified domain name over SSL. I couldn’t find a succinct guide which had all the steps … Continue Reading

Ethical Hacking Reconnaissance Plan: Port Scanning with nmap

Port Scanning is the next phase in an Ethical Hacking Reconnaissance Plan and follows on from the footprinting phase. Traditional ethical hacking plans have ‘Scanning’ follow ‘Reconnaissance’ which is quite confusing. The key differentiation to take note of here is … Continue Reading

Ethical Hacking Reconnaissance Plan: Active Footprinting

This post is a continuation of the tools and techniques used during the Ethical Hacking Reconnaissance phase. In the previous post I highlighted the passive footprinting techniques. In this post I will discuss the active footprinting techniques. Active footprinting involves … Continue Reading

PFSense – Suricata 4.0.0 Service Starts and then Fails – Resolved

I recently ran into an issue installing Suricata on PFSense which took some time and a team effort to resolve. To save you time I am posting the resolution here. Symptom Suricata installs without any errors but once you define … Continue Reading

Removing Crypto-Mining Malware from Windows using SysInternals Tools

I recently had a Hyper-V server commissioned in a data center for a specific project. Unfortunately the engineers who commissioned the server did not install any Windows Updates and ‘secured’ the server with a very weak password. As a result, … Continue Reading

PFSense – Enabling Administration via the WAN Interface

About PFSense PFsense is an open source firewall and routing solution which is built on FreeBSD. This firewall solution is the unsung hero of open source firewalls so if you have not seen it, get your hands dirty and you … Continue Reading

Hardening WordPress – Robots.txt

WordPress possesses a virtual robots.txt file, which means that no actual file is present on the web server; WordPress generates this file each time someone visits your site. A robots.txt file is a good idea to make your site search … Continue Reading

Hardening WordPress – Hiding Directory Listing

A common WordPress configuration error is permitting directory listing or directory browsing as it is also known. Unless you have a specific use case where you have to have directory listing enabled, this should be disabled as it is information … Continue Reading

Hardening WordPress – PHP Configuration

WordPress is written in PHP. In order to properly secure WordPress one needs to ensure that your server’s global PHP settings are configured in a secure manner in order to mitigate any security risks that may exist. In a shared … Continue Reading